Windows Analysis Report
4ui8luUSNp.exe

Overview

General Information

Sample name: 4ui8luUSNp.exe (renamed because original name is a hash value)
Original sample name: 5a6beb7ab22fc65258d7d3681ce668058f93b7a2eb534b42b799aa8e61595c08.exe
Analysis ID: 1536323
MD5: 267b10eca642bbc3534be32cbc565f35
SHA1: 95deb7c1dcfba5144100a5d73cb25218f304e3f4
SHA256: 5a6beb7ab22fc65258d7d3681ce668058f93b7a2eb534b42b799aa8e61595c08
Tags: exemailum-comuser-JAMESWT_MHT
Infos:

Detection

Coinhive, Xmrig
Score: 100
Range: 0 - 100
Whitelisted: false
Confidence: 100%

Signatures

Antivirus / Scanner detection for submitted sample
Antivirus detection for dropped file
Multi AV Scanner detection for dropped file
Multi AV Scanner detection for submitted file
Yara detected Coinhive miner
Yara detected Xmrig cryptocurrency miner
AI detected suspicious sample
Drops executables to the windows directory (C:\Windows) and starts them
Machine Learning detection for dropped file
Machine Learning detection for sample
May modify the system service descriptor table (often done to hook functions)
Tries to detect sandboxes and other dynamic analysis tools (process name or module or function)
Tries to harvest and steal browser information (history, passwords, etc)
AV process strings found (often used to terminate AV products)
Abnormal high CPU Usage
Checks if the current process is being debugged
Connects to many different domains
Contains functionality to call native functions
Contains functionality to dynamically determine API calls
Creates files inside the system directory
Detected non-DNS traffic on DNS port
Drops PE files
Drops PE files to the windows directory (C:\Windows)
Found a high number of Window / User specific system calls (may be a loop to detect user behavior)
Found large amount of non-executed APIs
Found potential string decryption / allocating functions
IP address seen in connection with other malware
May sleep (evasive loops) to hinder dynamic analysis
One or more processes crash
PE file contains sections with non-standard names
Sigma detected: Suspicious Outbound SMTP Connections
Sigma detected: Wow6432Node CurrentVersion Autorun Keys Modification
Uses 32bit PE files
Uses SMTP (mail sending)

Classification

  • System is w10x64
  • 4ui8luUSNp.exe (PID: 7524 cmdline: "C:\Users\user\Desktop\4ui8luUSNp.exe" MD5: 267B10ECA642BBC3534BE32CBC565F35)
    • videodrv.exe (PID: 7544 cmdline: C:\Windows\videodrv.exe MD5: 267B10ECA642BBC3534BE32CBC565F35)
      • WerFault.exe (PID: 8064 cmdline: C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 18336 MD5: C31336C1EFC2CCB44B4326EA793040F2)
  • videodrv.exe (PID: 7744 cmdline: "C:\Windows\videodrv.exe" MD5: 267B10ECA642BBC3534BE32CBC565F35)
  • cleanup
Name: xmrig
Description: According to PCrisk, XMRIG is a completely legitimate open-source application that utilizes system CPUs to mine Monero cryptocurrency. Unfortunately, criminals generate revenue by infiltrating this app into systems without users' consent. This deceptive marketing method is called "bundling". In most cases, "bundling" is used to infiltrate several potentially unwanted programs (PUAs) at once. So, there is a high probability that XMRIG Virus came with a number of adware-type applications that deliver intrusive ads and gather sensitive information.
Attribution: No Attribution
Link: https://malpedia.caad.fkie.fraunhofer.de/details/win.xmrig
No configs have been found
Source | Rule | Description | Author | Strings
00000003.00000003.1555453252.0000000003CD3000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Xmrig | Yara detected Xmrig cryptocurrency miner | Joe Security |
00000003.00000003.1555453252.0000000003CD3000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Coinhive | Yara detected Coinhive miner | Joe Security |
00000001.00000003.1503431451.0000000003523000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Xmrig | Yara detected Xmrig cryptocurrency miner | Joe Security |
00000001.00000003.1503431451.0000000003523000.00000004.00000020.00020000.00000000.sdmp | JoeSecurity_Coinhive | Yara detected Coinhive miner | Joe Security |
          Source: Network Connection, Author: frack113, Data: DestinationIp: 142.251.9.27, DestinationIsIpv6: false, DestinationPort: 25, EventID: 3, Image: C:\Windows\videodrv.exe, Initiated: true, ProcessId: 7544, Protocol: tcp, SourceIp: 192.168.2.7, SourceIsIpv6: false, SourcePort: 49764
          Source: Registry Key set, Author: Victor Sergeev, Daniil Yugoslavskiy, Gleb Sukhodolskiy, Timur Zinniatullin, oscd.community, Tim Shelton, frack113 (split), Data: Details: C:\Windows\videodrv.exe, EventID: 13, EventType: SetValue, Image: C:\Users\user\Desktop\4ui8luUSNp.exe, ProcessId: 7524, TargetObject: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\VideoDriver
          No Suricata rule has matched

          AV Detection

          Source: 4ui8luUSNp.exe, Avira: detected
          Source: C:\Windows\exe.tmp, Avira: detection malicious, Label: WORM/Mimail.A2
          Source: Avira: detection malicious, Label: WORM/Mimail.A2
          Source: C:\Windows\videodrv.exe, Avira: detection malicious, Label: WORM/Mimail.A1
          Source: C:\Windows\zip.tmp, Avira: detection malicious, Label: WORM/Mimail.A2
          Source: C:\Windows\videodrv.exe, ReversingLabs: Detection: 94%
          Source: 4ui8luUSNp.exe, ReversingLabs: Detection: 94%
          Source: Submitted Sample, Integrated Neural Analysis Model: Matched 100.0% probability
          Source: C:\Windows\videodrv.exe, Joe Sandbox ML: detected
          Source: 4ui8luUSNp.exe, Joe Sandbox ML: detected

          Bitcoin Miner

          Source: Yara match, File source: 00000003.00000003.1555453252.0000000003CD3000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
          Source: Yara match, File source: 00000001.00000003.1503431451.0000000003523000.00000004.00000020.00020000.00000000.sdmp, type: MEMORY
          Source: 4ui8luUSNp.exe, Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
          Source: Binary string: d:\os\obj\amd64fre\minkernel\ntos\init\mp\objfre\amd64\typeinfo\ntkrnlmp.pdb source: videodrv.exe, 00000001.00000003.1538006054.0000000004E22000.00000004.00000020.00020000.00000000.sdmp
          Source: C:\Users\user\Desktop\4ui8luUSNp.exe, Code function: 0_2_00402C3E 1001F200,1001F284,1001F284,1001E65C,FindFirstFileA,1001E6C4,1001E6C4,1001E660,1001E65C,1001E65C,1001E660,1001E65C,1001E5C5,FindNextFileA,0_2_00402C3E
          Source: C:\Windows\videodrv.exe, File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\
          Source: C:\Windows\videodrv.exe, File opened: C:\Users\user\AppData\Local\Adobe\
          Source: C:\Windows\videodrv.exe, File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\
          Source: C:\Windows\videodrv.exe, File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\
          Source: C:\Windows\videodrv.exe, File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\
          Source: C:\Windows\videodrv.exe, File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\
          Source: unknown, Network traffic detected: DNS query count 49
          Source: global traffic, TCP traffic: 192.168.2.7:61720 -> 1.1.1.1:53
          Source: global traffic, TCP traffic: 192.168.2.7:61529 -> 1.1.1.1:53
          Source: Joe Sandbox View, IP Address: 212.227.15.41 212.227.15.41
          Source: unknown, TCP traffic detected without corresponding DNS query: 1.1.1.1
          Source: videodrv.exe, 00000001.00000003.1500934319.0000000003EFD000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: "www.facebook.com", equals www.facebook.com (Facebook)
          Source: videodrv.exe, 00000001.00000003.1523012493.00000000046F5000.00000004.00000020.00020000.00000000.sdmp, String found in binary or memory: https://www.youtube.com/, equals www.youtube.com (Youtube)
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004131000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1515194577.0000000004923000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1454608483.0000000003EFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertGlobalRootG3.crl07
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004131000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1445684065.00000000042B9000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1477354145.00000000046D1000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1444793486.000000000352F000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1477354145.0000000004BC9000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1511374818.0000000003523000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1510001960.000000000353F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl0
          Source: videodrv.exe, 00000001.00000003.1510393046.000000000354B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigicertSHA2Secure
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004131000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1445684065.00000000045E1000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1515194577.00000000051CB000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1445684065.00000000045D9000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1445684065.0000000004191000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1510393046.000000000354B000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1444793486.0000000003556000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/DigicertSHA2SecureServerCA-1.crl0?
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004131000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1445684065.0000000004191000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1444406864.0000000003523000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1444793486.000000000359F000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1476433531.000000000352F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl3.digicert.com/Omniroot2025.crl0
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004131000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1445684065.00000000045E1000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1515194577.00000000051CB000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1445684065.00000000045D9000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1445684065.0000000004191000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1510393046.000000000354B000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1444793486.0000000003556000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootCA.crl00
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004131000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1445684065.00000000045E1000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1445684065.00000000042B9000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1477354145.0000000004579000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1477354145.00000000046D1000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1444793486.000000000352F000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1445684065.0000000004191000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1477354145.0000000004BC9000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1444406864.0000000003523000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1515194577.0000000004923000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1511374818.0000000003523000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1510393046.000000000354B000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1444521942.0000000003523000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1444793486.0000000003556000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1476433531.000000000352F000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1476511575.000000000352A000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1454608483.0000000003EFB000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1510001960.000000000353F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG2.crl0
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004131000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1515194577.0000000004923000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1454608483.0000000003EFB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertGlobalRootG3.crl0
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004131000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1445684065.00000000042B9000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1477354145.00000000046D1000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1444793486.000000000352F000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1477354145.0000000004BC9000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1511374818.0000000003523000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1510001960.000000000353F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigiCertTLSRSASHA2562020CA1-4.crl0
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004131000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1445684065.00000000045E1000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1515194577.00000000051CB000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1445684065.00000000045D9000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1510393046.000000000354B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigicertSHA2SecureServerCA-1.crl0
          Source: videodrv.exe, 00000001.00000003.1445684065.0000000004191000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1444793486.0000000003556000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://crl4.digicert.com/DigicertSHA2SecureServerCA-1.crl0~
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://direct.juiceadv.com/aff_
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://display.tracksafe.click/
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://diventarehackerblog.altervista.org/
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://edintorni.net/related/service/sponsor/redirect/?
          Source: videodrv.exe, 00000001.00000003.1519219447.00000000046FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fb.me/use-check-prop-types
          Source: videodrv.exe, 00000001.00000003.1519219447.00000000046FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fb.me/use-check-prop-typesG
          Source: videodrv.exe, 00000001.00000003.1461418551.0000000003AF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://fedir.comsign.co.il/crl/comsignglobalrootca.crl0;
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ib.adnxs.com/clktrb?id=
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://labseo.ddns.net/
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://media.vincitu.it/C.ashx?
          Source: videodrv.exe, 00000001.00000003.1523012493.00000000046F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://mozilla.org
          Source: videodrv.exe, 00000001.00000003.1454386841.0000000003AF2000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://msn.com
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://native.publy.com/related/service/sponsor/redirect/?
          Source: videodrv.exe, 00000001.00000003.1461418551.0000000003AF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.accv.es0
          Source: videodrv.exe, 00000001.00000003.1510393046.000000000354B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digi
          Source: videodrv.exe, 00000001.00000003.1444793486.0000000003556000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.co
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004131000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1445684065.00000000045E1000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1445684065.00000000042B9000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1515194577.00000000051CB000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1477354145.0000000004579000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1477354145.00000000046D1000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1445684065.00000000045D9000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1444793486.000000000352F000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1445684065.0000000004191000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1477354145.0000000004BC9000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1444406864.0000000003523000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1515194577.0000000004923000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1511374818.0000000003523000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1510393046.000000000354B000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1444521942.0000000003523000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1444793486.0000000003556000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1476433531.000000000352F000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1476511575.000000000352A000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1454608483.0000000003EFB000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 
00000001.00000003.1510001960.000000000353F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004131000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1445684065.0000000004191000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1444406864.0000000003523000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1444793486.000000000359F000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1476433531.000000000352F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0:
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004131000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1445684065.00000000045E1000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1515194577.00000000051CB000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1445684065.00000000045D9000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1445684065.0000000004191000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1510393046.000000000354B000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1444793486.0000000003556000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0H
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004131000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1445684065.00000000042B9000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1477354145.00000000046D1000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1444793486.000000000352F000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1477354145.0000000004BC9000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1511374818.0000000003523000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1510001960.000000000353F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.digicert.com0I
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004131000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1445684065.0000000004191000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1444793486.000000000359F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.msocsp.com0
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004131000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1444406864.0000000003523000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1476433531.000000000352F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://ocsp.msocsp.com0S
          Source: videodrv.exe, 00000001.00000003.1461418551.0000000003AF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://pki.registradores.org/normativa/index.htm0
          Source: videodrv.exe, 00000001.00000003.1520906615.00000000046F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://poczta.interia.pl/mh/?mailto=%sw
          Source: videodrv.exe, 00000001.00000003.1461418551.0000000003AF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://policy.camerfirma.com0
          Source: videodrv.exe, 00000001.00000003.1461418551.0000000003AF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://postsignum.ttc.cz/crl/psrootqca2.crl0
          Source: videodrv.exe, 00000001.00000003.1461418551.0000000003AF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://repository.swisssign.com/0
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://rover.ebay.com/
          Source: videodrv.exe, 00000001.00000003.1461418551.0000000003AF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://sertifikati.ca.posta.rs/crl/PostaCARoot.crl0
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://shrsl.com/
          Source: videodrv.exe, 00000001.00000003.1519219447.00000000046FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://stackoverflow.com/questions/30030031)
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tiny.cc/
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tisca.li/
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tracker.tradedoubler.com/
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://tracking.performoney.it/
          Source: videodrv.exe, 00000001.00000003.1520906615.00000000046F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://win.mail.ru/cgi-bin/sentmsg?mailto=%sy
          Source: videodrv.exe, 00000001.00000003.1461418551.0000000003AF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.acabogacia.org/doc0
          Source: videodrv.exe, 00000001.00000003.1461418551.0000000003AF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0
          Source: videodrv.exe, 00000001.00000003.1461418551.0000000003AF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1_der.crl0
          Source: videodrv.exe, 00000001.00000003.1461418551.0000000003AF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es/legislacion_c.htm0U
          Source: videodrv.exe, 00000001.00000003.1461418551.0000000003AF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.accv.es00
          Source: videodrv.exe, 00000001.00000003.1461418551.0000000003AF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.agesic.gub.uy/acrn/acrn.crl0)
          Source: videodrv.exe, 00000001.00000003.1461418551.0000000003AF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.agesic.gub.uy/acrn/cps_acrn.pdf0
          Source: videodrv.exe, 00000001.00000003.1461418551.0000000003AF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ancert.com/cps0
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bet365.it/
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.betwin.co.it
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.booking.com/
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.bookings.net/
          Source: videodrv.exe, 00000001.00000003.1461418551.0000000003AF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ca.posta.rs/dokumentacija0h
          Source: videodrv.exe, 00000001.00000003.1461418551.0000000003AF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.cert.fnmt.es/dpcs/0
          Source: videodrv.exe, 00000001.00000003.1461418551.0000000003AF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.chambersign.org1
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004131000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1445684065.00000000042B9000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1477354145.00000000046D1000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1444793486.000000000352F000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1445684065.0000000004191000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1477354145.0000000004BC9000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1511374818.0000000003523000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1444793486.0000000003556000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1510001960.000000000353F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004131000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1445684065.00000000045E1000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1515194577.00000000051CB000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1445684065.00000000045D9000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1510393046.000000000354B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.digicert.com/CPS0~
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.djpoint.net/
          Source: videodrv.exe, 00000001.00000003.1461418551.0000000003AF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.dnie.es/dpc0
          Source: videodrv.exe, 00000001.00000003.1461418551.0000000003AF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.ecee.gov.pt/dpc0
          Source: videodrv.exe, 00000001.00000003.1461418551.0000000003AF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.firmaprofesional.com/cps0
          Source: videodrv.exe, 00000001.00000003.1461418551.0000000003AF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.globaltrust.info0
          Source: videodrv.exe, 00000001.00000003.1461418551.0000000003AF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.globaltrust.info0=
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.herobet.it/
          Source: videodrv.exe, 00000001.00000003.1520906615.00000000046F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.inbox.lv/rfc2368/?value=%su
          Source: videodrv.exe, 00000001.00000003.1520906615.00000000046F4000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1523012493.00000000046F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul
          Source: videodrv.exe, 00000001.00000003.1522131133.00000000046F2000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1520906615.00000000046F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xul(
          Source: videodrv.exe, 00000001.00000003.1522131133.00000000046F2000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1520906615.00000000046F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.mozilla.org/keymaster/gatekeeper/there.is.only.xulR
          Source: videodrv.exe, 00000001.00000003.1461418551.0000000003AF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.oaticerts.com/repository.
          Source: videodrv.exe, 00000001.00000003.1461418551.0000000003AF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.pki.admin.ch/cps/CPS_2_16_756_1_17_3_1_0.pdf09
          Source: videodrv.exe, 00000001.00000003.1461418551.0000000003AF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.postsignum.cz/crl/psrootqca2.crl02
          Source: videodrv.exe, 00000001.00000003.1461418551.0000000003AF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.quovadisglobal.com/cps0
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rentalcars.com/?affiliateCode=
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: http://www.rietilife.com?pasID=
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004919000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1510393046.000000000354B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-bootstrap-5e7af218e953d095fabf.js
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004919000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1510393046.000000000354B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-bundle-3a99f64809c6780df035.js
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004919000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1510393046.000000000354B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-bundle-994d8943fc9264e2f8d3.css
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004919000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1510393046.000000000354B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-fluent~left-nav-rc.ac5cfbeadfd63fc27ffd.chunk.v7.js
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004919000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1510393046.000000000354B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-forms-group~mru~officeforms-group-forms~officeforms
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004919000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1510393046.000000000354B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-left-nav-rc.68ab311bcca4f86f9ef5.chunk.v7.js
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004919000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1510393046.000000000354B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-mru.2ce72562ad7c0ae7059c.chunk.v7.js
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004919000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1510393046.000000000354B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-vendor-bundle-ba2888a24179bf152f3d.js
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004919000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1510393046.000000000354B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-vendors~left-nav-rc.169ce481376dceef3ef6.chunk.v7.c
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004919000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1510393046.000000000354B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwa-vendors~left-nav-rc.b24d6b48aeb44c7b5bf6.chunk.v7.j
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004919000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1510393046.000000000354B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/bundles/pwaunauth-9d8bc214ac.css
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004919000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1510393046.000000000354B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/bundles/sharedfontstyles-27fa2598d8.css
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004919000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1510393046.000000000354B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/bundles/sharedscripts-939520eada.js
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004919000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1510393046.000000000354B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/bundles/staticpwascripts-30998bff8f.js
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004919000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1510393046.000000000354B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/bundles/staticstylesfabric-35c34b95e3.css
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004919000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1444406864.0000000003523000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1476433531.000000000352F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/hero-image-desktop-f6720a4145.jpg
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004919000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1510393046.000000000354B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/lockup-mslogo-color-78c06e8898.png
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004919000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1510393046.000000000354B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/microsoft-365-logo-01d5ecd01a.png
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004919000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1510393046.000000000354B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/unauth-apps-image-46596a6856.png
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004919000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1510393046.000000000354B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/images/content/images/unauth-checkmark-image-1999f0bf81.png
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004919000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1444406864.0000000003523000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1476433531.000000000352F000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/versionless/officehome/thirdpartynotice.html
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004919000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1510393046.000000000354B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/versionless/webfonts/segoeui_regular.woff2
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004919000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1510393046.000000000354B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://res.cdn.office.net/officehub/versionless/webfonts/segoeui_semibold.woff2
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://rover.ebay.com/
          Source: videodrv.exe, 00000001.00000003.1522131133.00000000046F2000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1520906615.00000000046F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://screenshots.firefox.com
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://sfogliabile.stihlmarketing.it/
          Source: videodrv.exe, 00000001.00000003.1519219447.00000000046FB000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://snippets.mozilla.com/show/
          Source: videodrv.exe, 00000001.00000003.1522131133.00000000046F2000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1520906615.00000000046F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org
          Source: videodrv.exe, 00000001.00000003.1522131133.00000000046F2000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1520906615.00000000046F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/firefox-crashes-troubleshoot-prevent-and-get-help
          Source: videodrv.exe, 00000001.00000003.1522131133.00000000046F2000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1520906615.00000000046F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/warning-unresponsive-script#w_other-causes
          Source: videodrv.exe, 00000001.00000003.1522131133.00000000046F2000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1520906615.00000000046F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://support.mozilla.org/kb/website-translation
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tidd.ly/
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://track.webgains.com/click.html
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tracker.tradedoubler.com/
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tracking.performoney.it/
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://tracking.tgmfraz.com/
          Source: videodrv.exe, 00000001.00000003.1522131133.00000000046F2000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1520906615.00000000046F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://truecolors.firefox.com
          Source: videodrv.exe, 00000001.00000003.1522131133.00000000046F2000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1520906615.00000000046F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://twitter.com
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://universofree.net/
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://wellcum.at/
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.18carati.com/?acc=
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.aliperme.it/
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.it/
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.amazon.it/shop/
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.anrdoezrs.net/click-
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ansa.it/codici-sconto/
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.appscommesse.com/
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.awin1.com/
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.booking.com/
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.catawiki.it
          Source: videodrv.exe, 00000001.00000003.1461418551.0000000003AF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.catcert.net/verarrel
          Source: videodrv.exe, 00000001.00000003.1461418551.0000000003AF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.catcert.net/verarrel05
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.centoxcento.net/?track=
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.dazn.com/
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ebay.it/
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.getyourguide.it/
          Source: videodrv.exe, 00000001.00000003.1522131133.00000000046F2000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1520906615.00000000046F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.google.com/policies/privacy/2
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.holyart.it/
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.instant-gaming.com/?igr=
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.instant-gaming.com?igr=
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.ivacy.com/
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.macrolibrarsi.it/
          Source: videodrv.exe, 00000001.00000003.1522131133.00000000046F2000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1520906615.00000000046F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org
          Source: videodrv.exe, 00000001.00000003.1523012493.00000000046F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/(
          Source: videodrv.exe, 00000001.00000003.1522131133.00000000046F2000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1520906615.00000000046F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.mozilla.org/firefox/new/
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.nigiara.it/scripts/redir.php?url=https://amzn.to/
          Source: videodrv.exe, 00000001.00000003.1477354145.0000000004AF9000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1510393046.000000000354B000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.office.com/
          Source: videodrv.exe, 00000001.00000003.1522131133.00000000046F2000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1520906615.00000000046F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.openh264.org//
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.orgasmi899.com
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.plus500.com/
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.primevideo.com/
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.rentalcars.com/?affiliateCode=
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.scommettievinci.net/
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.trattamentinaturalibio.it/
          Source: videodrv.exe, 00000001.00000003.1522131133.00000000046F2000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1520906615.00000000046F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.widevine.com/3
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.worldnomads.com/Turnstile/AffiliateLink?
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.worldnomads.it/?affiliate=
          Source: videodrv.exe, 00000001.00000003.1523012493.00000000046F5000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www.youtube.com/
          Source: videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://www2.razer.com/
          Source: videodrv.exe, 00000001.00000003.1522131133.00000000046F2000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1520906615.00000000046F4000.00000004.00000020.00020000.00000000.sdmpString found in binary or memory: https://yandex.com
          Source: C:\Windows\videodrv.exe Process Stats: CPU usage > 49%
          Source: C:\Users\user\Desktop\4ui8luUSNp.exe Code function: 0_2_004045FA CreateThread,KillTimer,gethostbyname,CreateThread,CreateThread,CreateThread,PostQuitMessage,NtdllDefWindowProc_A,0_2_004045FA
          Source: C:\Users\user\Desktop\4ui8luUSNp.exe File created: C:\Windows\videodrv.exe
          Source: C:\Users\user\Desktop\4ui8luUSNp.exe File created: C:\Windows\videodrv.exe\:Zone.Identifier:$DATA
          Source: C:\Windows\videodrv.exe File created: C:\Windows\exe.tmp
          Source: C:\Windows\videodrv.exe File created: C:\Windows\zip.tmp
          Source: C:\Windows\videodrv.exe File created: C:\Windows\eml.tmp
          Source: C:\Users\user\Desktop\4ui8luUSNp.exe Code function: String function: 004058BC appears 45 times
          Source: C:\Windows\videodrv.exe Process created: C:\Windows\SysWOW64\WerFault.exe C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 18336
          Source: 4ui8luUSNp.exe Static PE information: RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
          Source: classification engine Classification label: mal100.spyw.evad.mine.winEXE@5/14@72/12
          Source: C:\Users\user\Desktop\4ui8luUSNp.exe Code function: 0_2_004032D7 CLSIDFromString,1001D8F8,CoCreateInstance,1001D8F8,1001D8F8,1001D8F8,1001D8F8,1001D8F8,1001D8F8,1001D8F8,1001D8F8,1001D8F8,1001D8F8,1001D8F8,1001D8F8,1001D8F8,1001D8F8,1001D8F8,1001D8F8,1001D8F8,1001F200,1001F200,0_2_004032D7
          Source: C:\Windows\SysWOW64\WerFault.exe Mutant created: \Sessions\1\BaseNamedObjects\Local\WERReportingForProcess7544
          Source: C:\Windows\SysWOW64\WerFault.exe File created: C:\ProgramData\Microsoft\Windows\WER\Temp\2cffe978-2fca-4897-93b2-25e39ba7b2fe
          Source: C:\Windows\videodrv.exe File read: C:\Users\user\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\desktop.ini
          Source: C:\Users\user\Desktop\4ui8luUSNp.exe Key opened: HKEY_CURRENT_USER\Software\Policies\Microsoft\Windows\Safer\CodeIdentifiers
          Source: 4ui8luUSNp.exe ReversingLabs: Detection: 94%
          Source: C:\Users\user\Desktop\4ui8luUSNp.exe File read: C:\Users\user\Desktop\4ui8luUSNp.exe
          Source: unknown Process created: C:\Users\user\Desktop\4ui8luUSNp.exe "C:\Users\user\Desktop\4ui8luUSNp.exe"
          Source: C:\Users\user\Desktop\4ui8luUSNp.exe Process created: C:\Windows\videodrv.exe C:\Windows\videodrv.exe
          Source: unknown Process created: C:\Windows\videodrv.exe "C:\Windows\videodrv.exe"
          Source: C:\Users\user\Desktop\4ui8luUSNp.exe Section loaded: apphelp.dll
          Source: C:\Users\user\Desktop\4ui8luUSNp.exe Section loaded: crtdll.dll
          Source: C:\Users\user\Desktop\4ui8luUSNp.exe Section loaded: iphlpapi.dll
          Source: C:\Users\user\Desktop\4ui8luUSNp.exe Section loaded: wsock32.dll
          Source: C:\Users\user\Desktop\4ui8luUSNp.exe Section loaded: ntmarta.dll
          Source: C:\Windows\videodrv.exe Section loaded: apphelp.dll
          Source: C:\Windows\videodrv.exe Section loaded: crtdll.dll
          Source: C:\Windows\videodrv.exe Section loaded: iphlpapi.dll
          Source: C:\Windows\videodrv.exe Section loaded: wsock32.dll
          Source: C:\Windows\videodrv.exe Section loaded: uxtheme.dll
          Source: C:\Windows\videodrv.exe Section loaded: napinsp.dll
          Source: C:\Windows\videodrv.exe Section loaded: pnrpnsp.dll
          Source: C:\Windows\videodrv.exe Section loaded: wshbth.dll
          Source: C:\Windows\videodrv.exe Section loaded: nlaapi.dll
          Source: C:\Windows\videodrv.exe Section loaded: mswsock.dll
          Source: C:\Windows\videodrv.exe Section loaded: dnsapi.dll
          Source: C:\Windows\videodrv.exe Section loaded: winrnr.dll
          Source: C:\Windows\videodrv.exe Section loaded: fwpuclnt.dll
          Source: C:\Windows\videodrv.exe Section loaded: rasadhlp.dll
          Source: C:\Windows\videodrv.exe Section loaded: dhcpcsvc6.dll
          Source: C:\Windows\videodrv.exe Section loaded: dhcpcsvc.dll
          Source: C:\Windows\videodrv.exe Section loaded: winnsi.dll
          Source: Binary string: d:\os\obj\amd64fre\minkernel\ntos\init\mp\objfre\amd64\typeinfo\ntkrnlmp.pdb source: videodrv.exe, 00000001.00000003.1538006054.0000000004E22000.00000004.00000020.00020000.00000000.sdmp
          Source: C:\Users\user\Desktop\4ui8luUSNp.exe Code function: 0_2_004043D0 LoadLibraryA,GetProcAddress,WSAStartup,GetWindowsDirectoryA,1001F284,1001F218,DeleteFileA,1001F284,1001F218,DeleteFileA,1001F284,1001F218,DeleteFileA,RegisterClassA,CreateWindowExA,MessageBoxA,SetTimer,TranslateMessage,DispatchMessageA,GetMessageA,0_2_004043D0
          Source: 4ui8luUSNp.exe Static PE information: section name: UPX2
          Source: 4ui8luUSNp.exe Static PE information: section name: .imports
          Source: videodrv.exe.0.dr Static PE information: section name: UPX2
          Source: videodrv.exe.0.dr Static PE information: section name: .imports
          Source: initial sample Static PE information: section name: UPX0
          Source: initial sample Static PE information: section name: UPX1

          Persistence and Installation Behavior

          Source: C:\Users\user\Desktop\4ui8luUSNp.exe Executable created and started: C:\Windows\videodrv.exe
          Source: C:\Users\user\Desktop\4ui8luUSNp.exe File created: C:\Windows\videodrv.exe
          Source: C:\Users\user\Desktop\4ui8luUSNp.exe Registry value created or modified: HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Run VideoDriver

          Hooking and other Techniques for Hiding and Protection

          Source: videodrv.exe, 00000001.00000003.1538006054.00000000046F5000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: KeServiceDescriptorTable
          Source: C:\Windows\SysWOW64\WerFault.exe Process information set: FAILCRITICALERRORS | NOGPFAULTERRORBOX
          Source: C:\Windows\SysWOW64\WerFault.exe Process information set: NOOPENFILEERRORBOX

          Malware Analysis System Evasion

          Source: videodrv.exe, 00000001.00000003.1441374434.000000000352F000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1436702392.0000000003329000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1462315432.0000000003520000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: DEMUL.EXE
          Source: C:\Windows\videodrv.exe Window / User API: threadDelayed 3431
          Source: C:\Windows\videodrv.exe Window / User API: threadDelayed 5901
          Source: C:\Windows\videodrv.exe Window / User API: foregroundWindowGot 1769
          Source: C:\Users\user\Desktop\4ui8luUSNp.exe API coverage: 5.6 %
          Source: C:\Windows\videodrv.exe TID: 7652 Thread sleep time: -60000s >= -30000s
          Source: C:\Windows\videodrv.exe TID: 7656 Thread sleep time: -60000s >= -30000s
          Source: C:\Windows\videodrv.exe TID: 7888 Thread sleep count: 3431 > 30
          Source: C:\Windows\videodrv.exe TID: 7888 Thread sleep time: -5146500s >= -30000s
          Source: C:\Windows\videodrv.exe TID: 7896 Thread sleep time: -120000s >= -30000s
          Source: C:\Windows\videodrv.exe TID: 7896 Thread sleep count: 80 > 30
          Source: C:\Windows\videodrv.exe TID: 7896 Thread sleep time: -40000s >= -30000s
          Source: C:\Windows\videodrv.exe TID: 7888 Thread sleep count: 5901 > 30
          Source: C:\Windows\videodrv.exe TID: 7888 Thread sleep time: -8851500s >= -30000s
          Source: C:\Users\user\Desktop\4ui8luUSNp.exe Code function: 0_2_00402C3E 1001F200,1001F284,1001F284,1001E65C,FindFirstFileA,1001E6C4,1001E6C4,1001E660,1001E65C,1001E65C,1001E660,1001E65C,1001E5C5,FindNextFileA,0_2_00402C3E
          Source: C:\Windows\videodrv.exe Thread delayed: delay time: 60000
          Source: C:\Windows\videodrv.exe File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\
          Source: C:\Windows\videodrv.exe File opened: C:\Users\user\AppData\Local\Adobe\
          Source: C:\Windows\videodrv.exe File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\Cache\
          Source: C:\Windows\videodrv.exe File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\
          Source: C:\Windows\videodrv.exe File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\Acrobat\
          Source: C:\Windows\videodrv.exe File opened: C:\Users\user\AppData\Local\Adobe\Acrobat\DC\SOPHIA\
          Source: videodrv.exe, 00000001.00000003.1452393910.0000000003AF9000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware20,1
          Source: videodrv.exe, 00000001.00000003.1454070894.0000000003EF7000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: VMware20,1(
          Source: videodrv.exe, 00000001.00000003.1515194577.0000000004D2B000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: https://r.bing.com/rb/18/jnc,nj/6hU_LneafI_NFLeDvM367ebFaKQ.js?bu=Dx0ma3d6fXRucbIBtQEmpQEmuAE&or=w
          Source: 4ui8luUSNp.exe, 00000000.00000002.1375148450.00000000004EE000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: Hyper-V RAW%SystemRoot%\system32\mswsock.dll
          Source: C:\Windows\videodrv.exe Process queried: DebugPort
          Source: C:\Users\user\Desktop\4ui8luUSNp.exe Code function: 0_2_004043D0 LoadLibraryA,GetProcAddress,WSAStartup,GetWindowsDirectoryA,1001F284,1001F218,DeleteFileA,1001F284,1001F218,DeleteFileA,1001F284,1001F218,DeleteFileA,RegisterClassA,CreateWindowExA,MessageBoxA,SetTimer,TranslateMessage,DispatchMessageA,GetMessageA,0_2_004043D0
          Source: C:\Users\user\Desktop\4ui8luUSNp.exe Code function: 0_2_00401469 10015765,10015765,100151BB,10015138,1001C489,1001C32C,GetSystemTimeAsFileTime,FileTimeToDosDateTime,1001F200,1001C7EA,1001C7EA,1001F200,1001C7EA,1001C7EA,1001C7EA,1001C7EA,1001F200,1001C7EA,1001C7EA,1001C7EA,1001C4C5,1001BD6D,1001BD6D,0_2_00401469
          Source: videodrv.exe, 00000001.00000003.1441374434.000000000352F000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1436702392.0000000003329000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1462315432.0000000003520000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: acs.exe
          Source: videodrv.exe, 00000001.00000003.1441374434.000000000352F000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1436702392.0000000003329000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1462315432.0000000003520000.00000004.00000020.00020000.00000000.sdmp Binary or memory string: avp.exe

          Stealing of Sensitive Information

          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Local Storage\leveldb\MANIFEST-000001Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\minidumps\prefs.jsJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\2918063365piupsah.files\2918063365piupsah.sqliteJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\Login Data For Account-journalJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\WebStorage\QuotaManagerJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\wasm\index-dir\the-real-indexJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\c64980e6-c743-4793-ba4a-89f593d4eb16Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\BudgetDatabase\LOCKJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOGJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\MANIFEST-000001Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\tmp\key4.dbJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\first_party_sets.dbJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Scripts\CURRENTJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_agimnkijcaahngcdmfeangaknmldooml\YouTube.icoJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\ShortcutsJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Extension Settings\trusted_vault.pbJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb\Web Data-journalJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3561288849sdhlie.files\3561288849sdhlie.sqliteJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\y572q81e.default\profiles.iniJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Crashpad\attachments\metadataJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\search.json.mozlz4Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\6786f292-c1be-4996-99cd-77aa855c1844Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Rules\000003.logJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Microsoft\Edge\User Data\Default\Login DataJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOGJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\blob_storage\BrowsingTopicsSiteDataJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\59bd13a9-8183-4ac7-8723-9621ae6d3748Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\LOGJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Cookies-journalJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network\NetworkDataMigratedJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOCKJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Local Storage\leveldb\CURRENTJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Top SitesJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Scripts\LOCKJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Code Cache\js\index-dir\the-real-indexJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\7b2ddd96-6d27-491a-a7e0-811ed320f1f0Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\bookmarkbackups\cookies.sqlite-walJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\to-be-removed\webappsstore.sqlite-walJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\to-be-removed\webappsstore.sqliteJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\1696491690340.2824c836-2afd-4a95-940b-ed2b991ba55d.event.jsonlz4Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Code Cache\wasm\indexJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\Secure PreferencesJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\y572q81e.default\_curlrcJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\CURRENTJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\databases\Databases.dbJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Local Storage\leveldb\LOGJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Microsoft\Edge\User Data\Default\Network\Cookies-journalJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Local Storage\leveldb\Login DataJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache\InterestGroupsJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm\Gmail.ico.md5Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\1451318868ntouromlalnodry--epcr.sqlite-walJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\2823318777ntouromlalnodry--naod.files\2823318777ntouromlalnodry--naod.sqliteJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\tmp\session-state.jsonJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\InterestGroupsJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\GPUCache\InterestGroups-journalJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOGJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\BudgetDatabase\LOG.oldJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOG.oldJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension State\LOCKJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\GPUCache\data_0Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\GPUCache\data_1Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\GPUCache\data_2Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\CURRENTJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\GCM Store\Encryption\MANIFEST-000001Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\5e0297e1-aa9b-4634-aaf1-cfd1f718b993Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOGJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\Extension CookiesJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\minidumps\pkcs11.txtJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\6db12043-3902-4d45-8c5d-d992fbf6d4e7Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Cache\Cache_Data\indexJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000001Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\LOCKJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Session Storage\CURRENTJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension State\LOG.oldJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache\heavy_ad_intervention_opt_out.db-journalJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\db\data.safe.binJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\ff032c8b-05e6-43c9-9e84-732dbe7aca27Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB\LOCKJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\LOG.oldJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOCKJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SegmentInfoDB\LOG.oldJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\3b7fc3d4-90d3-48a3-834f-e61d315e9a5cJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\LOGJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\tmp\favicons.sqlite-walJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Web Data-journalJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\LOG.oldJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\GCM Store\Encryption\000003.logJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\ShaderCache\indexJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\default\ls-archive.sqliteJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\InterestGroups-journalJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_fmgjjmmmlfnkbppncabfkddbjimcfncm\Gmail.icoJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\PreferencesJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_mpnpojknpmmopombnjdcgaaiekajbnjb\Docs.ico.md5Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store\LOG.oldJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\tmp\favicons.sqliteJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\GCM Store\Encryption\LOCKJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\PreferencesJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOCKJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\000003.logJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\y572q81e.default\times.jsonJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\ShaderCache\data_0Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\MANIFEST-000001Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\ShaderCache\data_3Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\ShaderCache\data_1Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Trust Tokens-journalJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\ShaderCache\data_2Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\databases\Databases.db-journalJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\CURRENTJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOCKJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\BudgetDatabase\LOGJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\coupon_db\LOGJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\f5c2d345-4cad-4c1a-a51d-15d682036066Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Segmentation Platform\SignalStorageConfigDB\LOG.oldJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\commerce_subscription_db\LOGJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Site Characteristics Database\LOG.oldJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\EntryDB\LOCKJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Scripts\LOG.oldJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\BrowsingTopicsSiteDataJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Rules\LOGJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\tmp\ExperimentStoreData.jsonJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\1451318868ntouromlalnodry--epcr.files\1451318868ntouromlalnodry--epcr.sqlite-shmJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\DawnCache\DIPSJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\DawnCache\data_3Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\FaviconsJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\DIPSJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Network\Reporting and NEL-journalJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store\LOGJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\to-be-removed\webappsstore.sqlite-shmJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Local Storage\leveldb\Login DataJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\PrivateAggregation-journalJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Session Storage\000003.logJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Download Service\Files\Extension Cookies-journalJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Local Storage\leveldb\LOG.oldJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_3Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\events\eventsJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\to-be-removed\storage.sqliteJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\7a27ea16-e265-40c0-823c-0125abf7d855Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\bookmarkbackups\cookies.sqlite-shmJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\DawnCache\data_0Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Scripts\LOGJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_0Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\DawnCache\data_2Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_1Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\DawnCache\data_1Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache\data_2Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Login Data For AccountJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\MANIFEST-000001Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GCM Store\Encryption\Google Profile.icoJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\shared_proto_db\metadata\000003.logJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Secure PreferencesJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\LOGJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Network Action PredictorJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\CURRENTJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\CURRENTJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\DIPS-journalJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\minidumps\places.sqlite-walJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000001Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\1657114595AmcateirvtiSty.sqliteJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\LOCKJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\EventDB\LOGJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\optimization_guide_model_metadata_store\LOCKJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\DawnCache\indexJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\archived\2023-10\1696491690347.6786f292-c1be-4996-99cd-77aa855c1844.first-shutdown.jsonlz4Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\indexJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\PrivateAggregationJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Session Storage\MANIFEST-000001Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NELJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\LOG.oldJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\MANIFEST-000001Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Network Action Predictor-journalJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\GPUCache\History-journalJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Web Applications\_crx_aghbiahbpaijignceidepookljebhfak\Google Drive.icoJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\hyphen-data\Local StateJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\tmp\favicons.sqlite-shmJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Local Storage\leveldb\Login Data-journalJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Affiliation Database-journalJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-651E6B18-1C6C.pmaJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\010cab1b-3626-48b5-9d6b-0e4dfe4db5faJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network Action PredictorJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\DawnCache\DIPSJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\trusted_vault.pbJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\minidumps\parent.lockJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Code Cache\js\indexJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\Local Storage\leveldb\CURRENTJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\PersistentOriginTrials\PrivateAggregationJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\BrowserMetrics\BrowserMetrics-651E6B0B-1978.pmaJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\CookiesJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\7f0194d6-62d6-4174-a7ed-55ebc13aacb4Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\addons.jsonJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\LOCKJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Network\Reporting and NEL-journalJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\datareporting\glean\pending_pings\2b167346-5f76-4c00-8f97-19cee0df0fbaJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\bookmarkbackups\cookies.sqliteJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\6260e81e-5ef5-4137-a0a5-7930ea6f0a75Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_3Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_2Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_1Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Storage\ext\nmmhkkegccagdldgiimedpiccmgmieda\def\GPUCache\data_0Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Scripts\LOGJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\saved-telemetry-pings\edd11145-a3b3-4ebf-ba7b-14b7ec08f19fJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Extension State\CURRENTJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Sync Data\LevelDB\MANIFEST-000001Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Crashpad\settings.datJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\bookmarkbackups\cert9.dbJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Feature Engagement Tracker\AvailabilityDB\LOCKJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\minidumps\protections.sqliteJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Session Storage\MANIFEST-000001Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\3870112724rsegmnoittet-es.files\3870112724rsegmnoittet-es.sqlite-walJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extension Rules\MANIFEST-000001Jump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Local\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Application Data\Google\Chrome\User Data\Default\Network\Trust Tokens-journalJump to behavior
          Source: C:\Windows\videodrv.exeFile opened: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\fu7wner3.default-release\storage\permanent\chrome\idb\1657114595AmcateirvtiSty.files\1657114595AmcateirvtiSty.sqlite-shmJump to behavior
          | Reconnaissance | Resource Development | Initial Access | Execution | Persistence | Privilege Escalation | Defense Evasion | Credential Access | Discovery | Lateral Movement | Collection | Command and Control | Exfiltration | Impact |
          |---|---|---|---|---|---|---|---|---|---|---|---|---|---|
          | Gather Victim Identity Information | Acquire Infrastructure | Valid Accounts | Native API (1) | Registry Run Keys / Startup Folder (1) | Process Injection (1) | Masquerading (12) | OS Credential Dumping (1) | System Time Discovery (1) | Remote Services | Credential API Hooking (1) | Non-Application Layer Protocol (1) | Exfiltration Over Other Network Medium | Abuse Accessibility Features |
          | Credentials | Domains | Default Accounts | Scheduled Task/Job | DLL Side-Loading (1) | Registry Run Keys / Startup Folder (1) | Virtualization/Sandbox Evasion (21) | Credential API Hooking (1) | Security Software Discovery (221) | Remote Desktop Protocol | Data from Local System (1) | Application Layer Protocol (11) | Exfiltration Over Bluetooth | Network Denial of Service |
          | Email Addresses | DNS Server | Domain Accounts | At | Logon Script (Windows) | DLL Side-Loading (1) | Process Injection (1) | Security Account Manager | Virtualization/Sandbox Evasion (21) | SMB/Windows Admin Shares | Data from Network Shared Drive | Steganography | Automated Exfiltration | Data Encrypted for Impact |
          | Employee Names | Virtual Private Server | Local Accounts | Cron | Login Hook | Login Hook | Deobfuscate/Decode Files or Information (1) | NTDS | Application Window Discovery (1) | Distributed Component Object Model | Input Capture | Protocol Impersonation | Traffic Duplication | Data Destruction |
          | Gather Victim Network Information | Server | Cloud Accounts | Launchd | Network Logon Script | Network Logon Script | Obfuscated Files or Information (11) | LSA Secrets | File and Directory Discovery (3) | SSH | Keylogging | Fallback Channels | Scheduled Transfer | Data Encrypted for Impact |
          | Domain Properties | Botnet | Replication Through Removable Media | Scheduled Task | RC Scripts | RC Scripts | Software Packing (1) | Cached Domain Credentials | System Information Discovery (2) | VNC | GUI Input Capture | Multiband Communication | Data Transfer Size Limits | Service Stop |
          | DNS | Web Services | External Remote Services | Systemd Timers | Startup Items | Startup Items | DLL Side-Loading (1) | DCSync | Remote System Discovery | Windows Remote Management | Web Portal Capture | Commonly Used Port | Exfiltration Over C2 Channel | Inhibit System Recovery |
          [Behavior graph] ID: 1536323; Sample: 4ui8luUSNp.exe; Start date: 17/10/2024; Architecture: WINDOWS; Score: 100

          | Source | Detection | Scanner | Label | Link |
          |---|---|---|---|---|
          | 4ui8luUSNp.exe | 95% | ReversingLabs | Win32.Worm.MiMail | |
          | 4ui8luUSNp.exe | 100% | Avira | WORM/Mimail.A1 | |
          | 4ui8luUSNp.exe | 100% | Joe Sandbox ML | | |

          | Source | Detection | Scanner | Label | Link |
          |---|---|---|---|---|
          | C:\Windows\exe.tmp | 100% | Avira | WORM/Mimail.A2 | |
          | | 100% | Avira | WORM/Mimail.A2 | |
          | C:\Windows\videodrv.exe | 100% | Avira | WORM/Mimail.A1 | |
          | C:\Windows\zip.tmp | 100% | Avira | WORM/Mimail.A2 | |
          | C:\Windows\videodrv.exe | 100% | Joe Sandbox ML | | |
          | C:\Windows\videodrv.exe | 95% | ReversingLabs | Win32.Worm.MiMail | |

          No Antivirus matches

          No Antivirus matches

          | Source | Detection | Scanner | Label | Link |
          |---|---|---|---|---|
          | http://www.chambersign.org1 | 0% | URL Reputation | safe | |
          | http://repository.swisssign.com/0 | 0% | URL Reputation | safe | |
          | https://deff.nelreports.net/api/report?cat=msn | 0% | URL Reputation | safe | |
          | http://policy.camerfirma.com0 | 0% | URL Reputation | safe | |
          | http://www.accv.es00 | 0% | URL Reputation | safe | |
          | http://www.firmaprofesional.com/cps0 | 0% | URL Reputation | safe | |
          | http://crl.securetrust.com/SGCA.crl0 | 0% | URL Reputation | safe | |
          | http://www.quovadisglobal.com/cps0 | 0% | URL Reputation | safe | |
          | https://profiler.firefox.com | 0% | URL Reputation | safe | |
          | https://outlook.live.com/default.aspx?rru=compose&to=%s | 0% | URL Reputation | safe | |
                                                                                            unknown
                                                                                            gmail.com
                                                                                            unknown
                                                                                            unknownfalse
                                                                                              unknown
                                                                                              mozilla.org
                                                                                              unknown
                                                                                              unknownfalse
                                                                                                unknown
                                                                                                e-szigno.hu
                                                                                                unknown
                                                                                                unknownfalse
                                                                                                  unknown
                                                                                                  accv.es
                                                                                                  unknown
                                                                                                  unknownfalse
                                                                                                    unknown
                                                                                                    outlook.com
                                                                                                    unknown
                                                                                                    unknownfalse
                                                                                                      unknown
                                                                                                      sk.ee
                                                                                                      unknown
                                                                                                      unknownfalse
                                                                                                        unknown
                                                                                                        radiosantiago.cl
                                                                                                        unknown
                                                                                                        unknownfalse
                                                                                                          unknown
                                                                                                          garagejournal.com
                                                                                                          unknown
                                                                                                          unknownfalse
                                                                                                            unknown
                                                                                                            zentrum-der-gesundheit.de
                                                                                                            unknown
                                                                                                            unknownfalse
                                                                                                              unknown
Name | Source | Malicious | Antivirus Detection | Reputation
                                                                                                                                                                                                                      https://www.centoxcento.net/?track=videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                        unknown
                                                                                                                                                                                                                        http://www.djpoint.net/videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                          http://www.accv.es/fileadmin/Archivos/certificados/raizaccv1.crt0videodrv.exe, 00000001.00000003.1461418551.0000000003AF1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                            unknown
                                                                                                                                                                                                                            https://amazon.comvideodrv.exe, 00000001.00000003.1522131133.00000000046F2000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1520906615.00000000046F4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                              unknown
                                                                                                                                                                                                                              http://adv.ilsole24ore.it/videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                                http://www.betwin.co.itvideodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                                  https://firefox-source-docs.mozilla.org/browser/components/newtab/content-src/asrouter/docs/debugginvideodrv.exe, 00000001.00000003.1519219447.00000000046FB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                                    https://promonow.shop/offers.php?videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                      unknown
                                                                                                                                                                                                                                      http://tiny.cc/videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                        unknown
                                                                                                                                                                                                                                        https://aefd.nelreports.net/api/report?cat=bingrmsvideodrv.exe, 00000001.00000003.1515194577.0000000004CB3000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1477354145.0000000004529000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1445684065.00000000044F1000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1444793486.000000000359F000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1515194577.0000000004C8B000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1444521942.0000000003523000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1444793486.0000000003556000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1445684065.00000000040A1000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1476511575.000000000352A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                                          https://firefox.settings.services.mozilla.com/v1i#videodrv.exe, 00000001.00000003.1519219447.00000000046FB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                            unknown
                                                                                                                                                                                                                                            http://certs.oaticerts.com/repository/OATICA2.crlvideodrv.exe, 00000001.00000003.1461418551.0000000003AF1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                              unknown
                                                                                                                                                                                                                                              https://basket.mozilla.org/subscribe.jsonvideodrv.exe, 00000001.00000003.1519219447.00000000046FB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                                                http://certs.oati.net/repository/OATICA2.crt0videodrv.exe, 00000001.00000003.1461418551.0000000003AF1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                                                  http://www.accv.es00videodrv.exe, 00000001.00000003.1461418551.0000000003AF1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                  • URL Reputation: safe
                                                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                                                  https://affiliazioniads.snai.it/videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                                                    http://fb.me/use-check-prop-typesGvideodrv.exe, 00000001.00000003.1519219447.00000000046FB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                      unknown
                                                                                                                                                                                                                                                      https://affiliation.software/videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                        unknown
                                                                                                                                                                                                                                                        http://crl2.postsignum.cz/crl/psrootqca4.crl01videodrv.exe, 00000001.00000003.1461418551.0000000003AF1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                                                          https://fb.me/react-polyfillsPvideodrv.exe, 00000001.00000003.1519219447.00000000046FB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                            unknown
                                                                                                                                                                                                                                                            https://aefd.nelreports.net/api/report?cat=bingthvideodrv.exe, 00000001.00000003.1515194577.0000000004D2B000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                              unknown
                                                                                                                                                                                                                                                              http://affiliazioniads.snai.it/videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                                                                https://fb.me/react-polyfillsOvideodrv.exe, 00000001.00000003.1519219447.00000000046FB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                                                                  https://casinostudio3000.com/videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                                                                    https://yandex.comvideodrv.exe, 00000001.00000003.1522131133.00000000046F2000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1520906615.00000000046F4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                      unknown
                                                                                                                                                                                                                                                                      http://www.inbox.lv/rfc2368/?value=%suvideodrv.exe, 00000001.00000003.1520906615.00000000046F4000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                        unknown
                                                                                                                                                                                                                                                                        http://www.firmaprofesional.com/cps0videodrv.exe, 00000001.00000003.1461418551.0000000003AF1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                        • URL Reputation: safe
                                                                                                                                                                                                                                                                        unknown
                                                                                                                                                                                                                                                                        https://platform.gadaffiliates.com/videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                                                                          http://crl.securetrust.com/SGCA.crl0videodrv.exe, 00000001.00000003.1461418551.0000000003AF1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                          • URL Reputation: safe
                                                                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                                                                          http://www.agesic.gub.uy/acrn/acrn.crl0)videodrv.exe, 00000001.00000003.1461418551.0000000003AF1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                            unknown
                                                                                                                                                                                                                                                                            https://clkuk.tradedoubler.com/videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                              unknown
                                                                                                                                                                                                                                                                              https://www.ebay.it/videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                unknown
                                                                                                                                                                                                                                                                                https://fp-afd.azurefd.us/apc/trans.gif?69c749c200c753dfb00f5bc8299ab8ebvideodrv.exe, 00000001.00000003.1515194577.0000000004D2B000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1444793486.0000000003556000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                  unknown
                                                                                                                                                                                                                                                                                  https://snippets.mozilla.com/show/videodrv.exe, 00000001.00000003.1519219447.00000000046FB000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                                                                                    http://www.quovadisglobal.com/cps0videodrv.exe, 00000001.00000003.1461418551.0000000003AF1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                    • URL Reputation: safe
                                                                                                                                                                                                                                                                                    unknown
                                                                                                                                                                                                                                                                                    http://direct.juiceadv.com/aff_videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                      unknown
                                                                                                                                                                                                                                                                                      http://crazylead.com/video/videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                        unknown
                                                                                                                                                                                                                                                                                        https://aefd.nelvideodrv.exe, 00000001.00000003.1444521942.0000000003523000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1444793486.0000000003556000.00000004.00000020.00020000.00000000.sdmp, videodrv.exe, 00000001.00000003.1476511575.000000000352A000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                          unknown
                                                                                                                                                                                                                                                                                          https://www2.razer.com/videodrv.exe, 00000001.00000003.1503640100.0000000003EF1000.00000004.00000020.00020000.00000000.sdmpfalse
                                                                                                                                                                                                                                                                                            unknown
IP | Domain | Country | Flag | ASN | ASN Name | Malicious
Joe Sandbox version: 41.0.0 Charoite
Analysis ID: 1536323
Start date and time: 2024-10-17 20:01:14 +02:00
Joe Sandbox product: CloudBasic
Overall analysis duration: 0h 9m 39s
Hypervisor based Inspection enabled: false
Report type: full
Cookbook file name: default.jbs
Analysis system description: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 117, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01
Number of analysed new started processes analysed: 14
Number of new started drivers analysed: 0
Number of existing processes analysed: 0
Number of existing drivers analysed: 0
Number of injected processes analysed: 0
Technologies:
• HCA enabled
• EGA enabled
• AMSI enabled
Analysis Mode: default
Analysis stop reason: Timeout
Sample name: 4ui8luUSNp.exe (renamed because original name is a hash value)
Original Sample Name: 5a6beb7ab22fc65258d7d3681ce668058f93b7a2eb534b42b799aa8e61595c08.exe
Detection: MAL
Classification: mal100.spyw.evad.mine.winEXE@5/14@72/12
                                                                                                                                                                                                                                                                                                  EGA Information:
                                                                                                                                                                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                                                                                                                                                                  HCA Information:
                                                                                                                                                                                                                                                                                                  • Successful, ratio: 100%
                                                                                                                                                                                                                                                                                                  • Number of executed functions: 4
                                                                                                                                                                                                                                                                                                  • Number of non-executed functions: 28
                                                                                                                                                                                                                                                                                                  Cookbook Comments:
                                                                                                                                                                                                                                                                                                  • Found application associated with file extension: .exe
                                                                                                                                                                                                                                                                                                  • Override analysis time to 240000 for current running targets taking high CPU consumption
                                                                                                                                                                                                                                                                                                  • Exclude process from analysis (whitelisted): MpCmdRun.exe, dllhost.exe, WerFault.exe, WMIADAP.exe, SIHClient.exe, conhost.exe, backgroundTaskHost.exe, svchost.exe
                                                                                                                                                                                                                                                                                                  • Excluded IPs from analysis (whitelisted): 13.95.65.251, 20.189.173.20
                                                                                                                                                                                                                                                                                                  • Excluded domains from analysis (whitelisted): slscr.update.microsoft.com, otelrules.azureedge.net, twc.trafficmanager.net, otelrules.afd.azureedge.net, onedsblobprdwus15.westus.cloudapp.azure.com, ctldl.windowsupdate.com, pagead2.googlesyndication.com, dns.msftncsi.com, fe3cr.delivery.mp.microsoft.com, login.live.com, blobcollector.events.data.trafficmanager.net, azureedge-t-prod.trafficmanager.net, umwatson.events.data.microsoft.com
• Not all processes were analyzed, report is missing behavior information
                                                                                                                                                                                                                                                                                                  • Report size exceeded maximum capacity and may have missing behavior information.
                                                                                                                                                                                                                                                                                                  • Report size getting too big, too many NtCreateFile calls found.
                                                                                                                                                                                                                                                                                                  • Report size getting too big, too many NtOpenFile calls found.
                                                                                                                                                                                                                                                                                                  • Report size getting too big, too many NtOpenKeyEx calls found.
                                                                                                                                                                                                                                                                                                  • Report size getting too big, too many NtQueryValueKey calls found.
                                                                                                                                                                                                                                                                                                  • Report size getting too big, too many NtReadFile calls found.
                                                                                                                                                                                                                                                                                                  • VT rate limit hit for: 4ui8luUSNp.exe
Time | Type | Description
14:02:29 | API Interceptor | 8413298x Sleep call for process: videodrv.exe modified
14:03:10 | API Interceptor | 1x Sleep call for process: WerFault.exe modified
20:02:26 | Autostart | Run: HKLM\Software\Microsoft\Windows\CurrentVersion\Run VideoDriver C:\Windows\videodrv.exe

Match   Associated Sample Name / URL   SHA 256   Detection   Threat Name   Link   Context
                                                                                                                                                                                                                                                                                                                          220204-TF1--00.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                                                                                          • 85.13.151.9
                                                                                                                                                                                                                                                                                                                          http://arianarings.comGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                          • 85.13.154.44
                                                                                                                                                                                                                                                                                                                          Copy of 01. Bill of Material - 705.exeGet hashmaliciousFormBookBrowse
                                                                                                                                                                                                                                                                                                                          • 85.13.151.9
                                                                                                                                                                                                                                                                                                                          MICROSOFT-CORP-MSN-AS-BLOCKUSbotnet.mips.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                                                                                          • 20.79.222.248
                                                                                                                                                                                                                                                                                                                          botnet.arm7.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                                                                                          • 20.103.244.107
                                                                                                                                                                                                                                                                                                                          https://enkonooh.com/n/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9Ym1RNFV6RT0mdWlkPVVTRVIxMDEwMjAyNFUyMTEwMTAyNw==#Get hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                                                                                                                                                                                                                                                                                          • 13.107.246.60
                                                                                                                                                                                                                                                                                                                          phish_alert_iocp_v1.4.48.emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                          • 52.113.194.132
                                                                                                                                                                                                                                                                                                                          https://tmprod10067889ext.b2clogin.us/tmprod10067889ext.onmicrosoft.us/B2C_1A_Customer_Signup_Invitation/oauth2/v2.0/authorize?client_id=a852dfcc-b0c0-4774-9f4f-ad8c29e1a735&nonce=af9ba7a9-72c6-4409-839a-ac38ce970f76&redirect_uri=https%3A%2F%2Fconnect.irs.gov%2Fsystem%2Ftemplates%2Fchat%2Fcustom%2Fvascripts%2Fregistration.html&scope=openid&response_type=id_token&id_token_hint=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJhODUyZGZjYy1iMGMwLTQ3NzQtOWY0Zi1hZDhjMjllMWE3MzUiLCJwcm9kdWN0VGVtcGxhdGUiOiJlZ2FpbiIsIm5iZiI6MTcyOTE0OTQxMywic3VyTmFtZSI6IlNjaHJvdGUiLCJnaXZlbk5hbWUiOiJNaWNoZWxsZSIsImlzcyI6Imh0dHBzOi8vY29ubmVjdC5pcnMuZ292IiwiZXhwIjoxNzI5NDA4NjEzLCJlbWFpbCI6Im1zY2hyb3RlQGNyZ292LmNvbSJ9.e0KO2_wTMkdSNqm7Vpm55VA0OP7vuzA-LcvWOwe6XspWjWkqHMIRJZiE57gdM0JyU4olxr9w4tMQBKcpLGFOiOZv1oawaBoXV5AidV_aegc3vd2IYUuq2bVMGK7iF_Skv8VodKQndviPUmlWfzEzc-kV_u2b1hta5LNfX9B_xK65vtf1Zh4Y1rOkW5Ruv-Spe-8zOUIOeWgA9vuX00d1_Nuz5HNdfReQ3sxfQsyay5TmfYDvAh72menDTDmKRD_0GJDw7dWWkCYakTh-fjzkq39MwapVY3U0zbjhnxoW89VKaOF9GQFRYoNlLU9DHRWgznC-GkAdIU8mswVlGkkLngGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                          • 20.140.151.75
                                                                                                                                                                                                                                                                                                                          botnet.arm.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                                                                                          • 52.101.106.133
                                                                                                                                                                                                                                                                                                                          powerpc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                          • 20.233.3.132
                                                                                                                                                                                                                                                                                                                          ppc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                          • 20.216.184.136
                                                                                                                                                                                                                                                                                                                          arm5.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                          • 22.134.24.77
                                                                                                                                                                                                                                                                                                                          https://cnn.compromisedblog.com/XSTc5bEY5TVlBdTVyb1pVN0hFNzRzNW9PLzZnLzZxbzBqeUt5RTBtTFUzNjczOGNsMlB3NURuWjF2cStpdXN2ZmYzWUI3TVZGWWtqcFlEem9nNlUvTHJCeEZ0VTZ2SzFDN2dEd2Zxb0FUOHFmUHR3UjJZMURHOEhveUd6TThqUnhvTVhpbURLMndDemhZY3FteFBZKzZwWmpMV2x3aUJWdzRGZG5IdkdIRnhoTmRTdnZlNE1IUHBCZTdnPT0tLXNnRktmT2VjaXgyVExmS1MtLTFRRWd4cnRWcS9ZQzljNE53S2tBdEE9PQ==?cid=2231760484%3E%20%5Bhttps://cnn.compromisedblog.com/XYmtrY2hhSzZlK09tNXhxSGoxMW1vSjFJdDVrN1N5eUxwQW9WcG9uL2V0NVRyUDhZenRQUWFpcUVhREJWVDV2Uk1FOVZEejMyN0llRU5WRHVvU2Z3eTAyY1NaLzNyS2VCaWdHcWJrRXFWUGdGNVpHbU9ZTUllQT09LS0wQmJWUGFlMUwwMDlHQjJhLS1rbmRxUmNwNVFZSHg3ajFPRVR2Z2dBPT0=?cid=2231760484Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                                                          • 13.107.253.45
                                                                                                                                                                                                                                                                                                                          NESSUSATSecuriteInfo.com.Linux.Siggen.9999.16227.30183.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                          • 212.232.24.241
                                                                                                                                                                                                                                                                                                                          7GfciIf7ys.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                          • 84.242.14.245
                                                                                                                                                                                                                                                                                                                          83DBFB03FD23DCE6316D62B66750D055CA7DF4A9DB5BB51DD3C5545EA8F40BB6.exeGet hashmaliciousBdaejec, VidarBrowse
                                                                                                                                                                                                                                                                                                                          • 146.255.56.83
                                                                                                                                                                                                                                                                                                                          PoksxEQkb8.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                          • 212.232.24.224
                                                                                                                                                                                                                                                                                                                          c5018a3915e8a9de41e083f7936c2d232b9a73ba41c8c07fb7b2d90d5f5d8e8e_dump.exeGet hashmaliciousSystemBCBrowse
                                                                                                                                                                                                                                                                                                                          • 77.244.243.38
                                                                                                                                                                                                                                                                                                                          ZJgGk9RNIE.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                                                                                          • 185.205.80.173
                                                                                                                                                                                                                                                                                                                          6A9jBmgfEz.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                          • 83.137.116.204
                                                                                                                                                                                                                                                                                                                          4se90AvJtT.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                          • 212.232.24.215
                                                                                                                                                                                                                                                                                                                          L4qsAy3vf5.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                          • 212.232.24.236
                                                                                                                                                                                                                                                                                                                          OneDrive_2023-08-03.zipGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                          • 83.137.118.21
                                                                                                                                                                                                                                                                                                                          MICROSEC-ASHUrLJ135TPN7.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                          • 193.42.222.38
                                                                                                                                                                                                                                                                                                                          test.exeGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                          • 193.42.222.38
                                                                                                                                                                                                                                                                                                                          MICROSOFT-CORP-MSN-AS-BLOCKUSbotnet.mips.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                                                                                          • 20.79.222.248
                                                                                                                                                                                                                                                                                                                          botnet.arm7.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                                                                                          • 20.103.244.107
                                                                                                                                                                                                                                                                                                                          https://enkonooh.com/n/?c3Y9bzM2NV8xX3ZvaWNlJnJhbmQ9Ym1RNFV6RT0mdWlkPVVTRVIxMDEwMjAyNFUyMTEwMTAyNw==#Get hashmaliciousHTMLPhisher, Mamba2FABrowse
                                                                                                                                                                                                                                                                                                                          • 13.107.246.60
                                                                                                                                                                                                                                                                                                                          phish_alert_iocp_v1.4.48.emlGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                          • 52.113.194.132
                                                                                                                                                                                                                                                                                                                          https://tmprod10067889ext.b2clogin.us/tmprod10067889ext.onmicrosoft.us/B2C_1A_Customer_Signup_Invitation/oauth2/v2.0/authorize?client_id=a852dfcc-b0c0-4774-9f4f-ad8c29e1a735&nonce=af9ba7a9-72c6-4409-839a-ac38ce970f76&redirect_uri=https%3A%2F%2Fconnect.irs.gov%2Fsystem%2Ftemplates%2Fchat%2Fcustom%2Fvascripts%2Fregistration.html&scope=openid&response_type=id_token&id_token_hint=eyJ0eXAiOiJKV1QiLCJhbGciOiJSUzI1NiJ9.eyJhdWQiOiJhODUyZGZjYy1iMGMwLTQ3NzQtOWY0Zi1hZDhjMjllMWE3MzUiLCJwcm9kdWN0VGVtcGxhdGUiOiJlZ2FpbiIsIm5iZiI6MTcyOTE0OTQxMywic3VyTmFtZSI6IlNjaHJvdGUiLCJnaXZlbk5hbWUiOiJNaWNoZWxsZSIsImlzcyI6Imh0dHBzOi8vY29ubmVjdC5pcnMuZ292IiwiZXhwIjoxNzI5NDA4NjEzLCJlbWFpbCI6Im1zY2hyb3RlQGNyZ292LmNvbSJ9.e0KO2_wTMkdSNqm7Vpm55VA0OP7vuzA-LcvWOwe6XspWjWkqHMIRJZiE57gdM0JyU4olxr9w4tMQBKcpLGFOiOZv1oawaBoXV5AidV_aegc3vd2IYUuq2bVMGK7iF_Skv8VodKQndviPUmlWfzEzc-kV_u2b1hta5LNfX9B_xK65vtf1Zh4Y1rOkW5Ruv-Spe-8zOUIOeWgA9vuX00d1_Nuz5HNdfReQ3sxfQsyay5TmfYDvAh72menDTDmKRD_0GJDw7dWWkCYakTh-fjzkq39MwapVY3U0zbjhnxoW89VKaOF9GQFRYoNlLU9DHRWgznC-GkAdIU8mswVlGkkLngGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                          • 20.140.151.75
                                                                                                                                                                                                                                                                                                                          botnet.arm.elfGet hashmaliciousMirai, MoobotBrowse
                                                                                                                                                                                                                                                                                                                          • 52.101.106.133
                                                                                                                                                                                                                                                                                                                          powerpc.elfGet hashmaliciousUnknownBrowse
                                                                                                                                                                                                                                                                                                                          • 20.233.3.132
                                                                                                                                                                                                                                                                                                                          ppc.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                          • 20.216.184.136
                                                                                                                                                                                                                                                                                                                          arm5.elfGet hashmaliciousMiraiBrowse
                                                                                                                                                                                                                                                                                                                          • 22.134.24.77
                                                                                                                                                                                                                                                                                                                          https://cnn.compromisedblog.com/XSTc5bEY5TVlBdTVyb1pVN0hFNzRzNW9PLzZnLzZxbzBqeUt5RTBtTFUzNjczOGNsMlB3NURuWjF2cStpdXN2ZmYzWUI3TVZGWWtqcFlEem9nNlUvTHJCeEZ0VTZ2SzFDN2dEd2Zxb0FUOHFmUHR3UjJZMURHOEhveUd6TThqUnhvTVhpbURLMndDemhZY3FteFBZKzZwWmpMV2x3aUJWdzRGZG5IdkdIRnhoTmRTdnZlNE1IUHBCZTdnPT0tLXNnRktmT2VjaXgyVExmS1MtLTFRRWd4cnRWcS9ZQzljNE53S2tBdEE9PQ==?cid=2231760484%3E%20%5Bhttps://cnn.compromisedblog.com/XYmtrY2hhSzZlK09tNXhxSGoxMW1vSjFJdDVrN1N5eUxwQW9WcG9uL2V0NVRyUDhZenRQUWFpcUVhREJWVDV2Uk1FOVZEejMyN0llRU5WRHVvU2Z3eTAyY1NaLzNyS2VCaWdHcWJrRXFWUGdGNVpHbU9ZTUllQT09LS0wQmJWUGFlMUwwMDlHQjJhLS1rbmRxUmNwNVFZSHg3ajFPRVR2Z2dBPT0=?cid=2231760484Get hashmaliciousHTMLPhisherBrowse
                                                                                                                                                                                                                                                                                                                          • 13.107.253.45
                                                                                                                                                                                                                                                                                                                          No context
                                                                                                                                                                                                                                                                                                                          No context
Process:C:\Windows\SysWOW64\WerFault.exe
File Type:Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):65536
Entropy (8bit):0.8753629616564877
Encrypted:false
SSDEEP:96:DZ4F3chgsshvoI7JfGQXIDcQvc6QcEVcw3cE/OHu+HbHg/oJAnQ4OZU6+yA0Trh/:W6hgn0BU/wjJWdKWzuiFtZ24IO89
MD5:1A85F078D2AE9B02FCFC031F58CCAD48
SHA1:BFC1304D966CEAC13BD917F181066CCA0621C390
SHA-256:6975932120AE9840C7519EC40B6E9AB4D5B4F222160EA3324EB92CBFD321BE6F
SHA-512:61C0E8560E4EFE7BA913513CF075E95071EF6947D75E346355A31DD90100851BC0332AF827680F9317DD01B80802FA71BF56DB9B83567BFC8D7191866B2B2E68
Malicious:false
Reputation:low
Preview:Version=1..EventType=APPCRASH..EventTime=133736617637458264..ReportType=2..Consent=1..UploadTime=133736617645739557..ReportStatus=524384..ReportIdentifier=b724bf6b-3898-4295-887d-e3592b506ab1..IntegratorReportIdentifier=05875ce0-17cb-499c-8313-5e1ae854e3b9..Wow64Host=34404..Wow64Guest=332..NsAppName=videodrv.exe..AppSessionGuid=00001d78-0001-0014-7b97-38b8be20db01..TargetAppId=W:0006996ba099aec124d218b4c2290dca31840000ffff!000095deb7c1dcfba5144100a5d73cb25218f304e3f4!videodrv.exe..TargetAppVer=
Process:C:\Windows\SysWOW64\WerFault.exe
File Type:Mini DuMP crash report, 14 streams, Thu Oct 17 18:02:44 2024, 0x1205a4 type
Category:dropped
Size (bytes):392436
Entropy (8bit):2.152608618388878
Encrypted:false
SSDEEP:1536:VC02UZp6vgvqzBTuSEpodyQj4cD7QMNmC3ekWuWHG/y+wcT/1:V9pp6vDtTuSEodT7T3Xn
MD5:EEE024D618BC61F7FC32B5BD9D905028
SHA1:667A28CF28BED527E09F149FC608B1777F6D70B1
SHA-256:5D05045AF127329761043B7FEAB22456B3AA61880AA3E042F5F59C9CED7C69B8
SHA-512:AC85260F90BB313D129E13A29E67D738CBF1930108CF445D4C77400B1C7E0CCE0D6AEDCCCC7FCACC96CDA0FF1EB7C25FB5F150C1510AFCD94EE5CDE4CECBC21D
Malicious:false
Reputation:low
Process:C:\Windows\SysWOW64\WerFault.exe
File Type:XML 1.0 document, Unicode text, UTF-16, little-endian text, with CRLF line terminators
Category:dropped
Size (bytes):6358
Entropy (8bit):3.7261312052152245
Encrypted:false
SSDEEP:96:RSIU6o7wVetbKx6WQ/lYEiQE/Wec5aM4Ue89bSIsfuvnGm:R6l7wVeJKx6hlYF0pre89bSIsfuvGm
MD5:D7C4F89E8D8D130855FC04A195D53602
SHA1:3D6D76EBA58A9D5766B1A7146591B406E24356DA
SHA-256:6349B27D68803E459465603015F1B988906E36D80E39592D4A0F088F05986CA6
SHA-512:93581F2321DF97C6965C10321B7C3BE929D46C7985EF25CCD300098EC50AFE60FD135D745C91743CEF3F1086C5CC0A6CE2B073754450F6D4923EAEC15C9520BA
Malicious:false
Reputation:low
Preview:<?xml version="1.0" encoding="UTF-16"?>..<WERReportMetadata>...<OSVersionInformation>....<WindowsNTVersion>10.0</WindowsNTVersion>....<Build>19045</Build>....<Product>(0x30): Windows 10 Pro</Product>....<Edition>Professional</Edition>....<BuildString>19041.2006.amd64fre.vb_release.191206-1406</BuildString>....<Revision>2006</Revision>....<Flavor>Multiprocessor Free</Flavor>....<Architecture>X64</Architecture>....<LCID>2057</LCID>...</OSVersionInformation>...<ProcessInformation>....<Pid>7544</Pi
Process:C:\Windows\SysWOW64\WerFault.exe
File Type:XML 1.0 document, ASCII text, with CRLF line terminators
Category:dropped
Size (bytes):4609
Entropy (8bit):4.475206767950848
Encrypted:false
SSDEEP:48:cvIwWl8zsnuJg77aI9mJWpW8VY5RYm8M4J4txFQ+q8eD9L6uSad:uIjfnkI7o47VPJ9VLVSad
MD5:99409EB27F0B8D9051782A3B0CE39CA2
SHA1:4568EAC3A44B08F42C854A8FB60130C7E84EF87A
SHA-256:C858AE150E208510A8DA3453FA51271AAF72E106D29F7269B61D32CE998ED96F
SHA-512:4FC952D66F4FF63DF32EE11F149FB6FC59F85FAC2404CB64A02B81FE4E72184015C6FFA071F3E98E832E45C58636675DE2030D42EFFA7E5E171FAF161159A081
Malicious:false
Reputation:low
Preview:<?xml version="1.0" encoding="UTF-8" standalone="yes"?>..<req ver="2">.. <tlm>.. <src>.. <desc>.. <mach>.. <os>.. <arg nm="vermaj" val="10" />.. <arg nm="vermin" val="0" />.. <arg nm="verbld" val="19045" />.. <arg nm="vercsdbld" val="2006" />.. <arg nm="verqfe" val="2006" />.. <arg nm="csdbld" val="2006" />.. <arg nm="versp" val="0" />.. <arg nm="arch" val="9" />.. <arg nm="lcid" val="2057" />.. <arg nm="geoid" val="223" />.. <arg nm="sku" val="48" />.. <arg nm="domain" val="0" />.. <arg nm="prodsuite" val="256" />.. <arg nm="ntprodtype" val="1" />.. <arg nm="platid" val="2" />.. <arg nm="tmsi" val="547745" />.. <arg nm="osinsty" val="1" />.. <arg nm="iever" val="11.789.19041.0-11.0.1000" />.. <arg nm="portos" val="0" />.. <arg nm="ram" val="409
Process:C:\Windows\videodrv.exe
File Type:ASCII text
Category:modified
Size (bytes):7828
Entropy (8bit):4.9250736129808566
Encrypted:false
SSDEEP:192:85/QgybyCgu5/Qgyby6H3gOT5Ag9VzlzFYFlatq:7yCg1y6H3g89yFH
MD5:CB3F751F436F9C49840EA27D919613D2
SHA1:C4E39B4E662D285AB62D41B72637918682C80517
SHA-256:79218CF37A860B577D7AD94390B7BCEC9713EC2BEDF21D394EBB06BDF66E152B
SHA-512:F209DD3F256FAB8FDAB517C1A139C750AC43BD80A1572C299F710D9B0D08353D440369E55B39BBAA5154A9C6A465A83FDE24D241E5F27FA61B7B1FBE99F03597
Malicious:false
Reputation:low
Preview:formautofill@mozilla.org.google@search.mozilla.org.pictureinpicture@mozilla.org.screenshots@mozilla.org.webcompat@mozilla.org.addons-search-detection@mozilla.com.default-theme@mozilla.org.bing@search.mozilla.org.amazondotcom@search.mozilla.org.ddg@search.mozilla.org.wikipedia@search.mozilla.org.docs-hosted-app-own@google.com.ocsp.digicert.com.acrobat_reader2020_32@2x.png.shoprunnernotsignedin@outlook.com.shopping.edge.test@gmail.com.pkiadmin@trustcentre.co.za.accv@accv.es.admin_ca@mtin.es.pki@sk.ee.info@e-szigno.hu.ec_acc@catcert.net.chambersroot@chambersign.org.chambersignroot@chambersign.org.DPCacraiz.pdf.R@garagejournal.com.R@tripadvisor.com.R@mylivewallpapers.com.R@candidate.hr-manager.net.R@pagead2.googlesyndication.com.R@ads.talkscreativity.com.R@belgieninfo.net.R@delamar.de.R@googlewatchblog.de.R@lintorfer.eu.R@schule-studium.de.R@windowspower.de.R@wirsiegen.de.R@wp.com.R@games.ch.R@guenstiger.de.R@zentrum-der-gesundheit.de.R@stroeerdigitalgroup.de.R@radiosantiago.cl.R@fanpelis.
Process:C:\Windows\SysWOW64\WerFault.exe
File Type:MS Windows registry file, NT/2000 or above
Category:dropped
Size (bytes):1835008
Entropy (8bit):4.416582319867543
Encrypted:false
SSDEEP:6144:Scifpi6ceLPL9skLmb0moSWSPtaJG8nAgex285i2MMhA20X4WABlGuNa5+:/i58oSWIZBk2MM6AFBgo
MD5:02508E8A0E14EB32CBB1390B3F6E8D7F
SHA1:10E347BFEC68385B195C51681BBAF29A2B4E30D6
SHA-256:0D3BB1B1AAF04A25D7E62B03DFCD883985754AEC7F7BCCA3361D3E2301D71F20
SHA-512:0076AAE7DB2B6C6EE8F699EDEBBB4F631AB2E3563A4CCFD91D6C4066C3FBCA841FF3ECDF00D691DD51053C4ED114AAE67F8E1972F351B554754DE6784DAF46B1
Malicious:false
Reputation:low
                                                                                                                                                                                                                                                                                                                          Preview:regfE...E....\.Z.................... ...........\.A.p.p.C.o.m.p.a.t.\.P.r.o.g.r.a.m.s.\.A.m.c.a.c.h.e...h.v.e....c...b...#.......c...b...#...........c...b...#......rmtmN... ..............................................................................................................................................................................................................................................................................................................................................Vz..........................................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Windows\videodrv.exe
File Type:ASCII text
Category:dropped
Size (bytes):25
Entropy (8bit):3.603856189774724
Encrypted:false
SSDEEP:3:QIycJlIEIQMs:QI3cEpz
MD5:B511CEF61B06D799D0F51076F090D6B4
SHA1:C61B6E78927110D1F363CC0CFD913C548B99A671
SHA-256:D30E3373298922DBC2FAABE665E935B0D58129CD24190125E2A4C5C1DCC12E42
SHA-512:509F4DF0435A37DA8A61D490362A30207ED4F4AEB678E9EAFE9B2F76BD60C419F44D787A358C859068978E94CC084AA84BE8C984CD9D10A405454076FAD03F20
Malicious:false
Reputation:low
Preview:formautofill@mozilla.org.

Process:C:\Windows\videodrv.exe
File Type:data
Category:dropped
Size (bytes):527253
Entropy (8bit):1.375817240820474
Encrypted:false
SSDEEP:1536:uudiUvlSARwjdYLX2hsEQfjdYa2hsEQfjdYH:WKlSEwjuLXdjuadjuH
MD5:19AC94EF8AEE16FE7996EF16C353E76E
SHA1:812D318F19DA4179D496FA935947CB8D06659B2C
SHA-256:0CBECA5538A82505501B5E93AE427BB9782911652C0EDF86B19BECC11BAABC2D
SHA-512:AAD70786934258453B5E8070F2AFEB342952E7692884A06292B61172852BA1A15C5F7BA78CD4D2CD37B9E934A16870E314EA8629C246C7AC19866D177F8FD4CB
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
Reputation:low
                                                                                                                                                                                                                                                                                                                          Preview:MIME-Version: 1.0.Content-Location:File://foo.exe.Content-Transfer-Encoding: binary..MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......?...............7.0.......@.......P........@.................................................................................................................................................................................................UPX0.....@.......>......................UPX1.....0...P...*...B..............@...UPX2.................l..............@....imports.............p..............@..............................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Users\user\Desktop\4ui8luUSNp.exe
File Type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
Category:dropped
Size (bytes):526632
Entropy (8bit):1.3659614853988677
Encrypted:false
SSDEEP:1536:DudiUvlSARwjdYLX2hsEQfjdYa2hsEQfjdYB:JKlSEwjuLXdjuadjuB
MD5:267B10ECA642BBC3534BE32CBC565F35
SHA1:95DEB7C1DCFBA5144100A5D73CB25218F304E3F4
SHA-256:5A6BEB7AB22FC65258D7D3681CE668058F93B7A2EB534B42B799AA8E61595C08
SHA-512:8D57C6B99286D93E7328D99A609DCC2C93E0FC00467F8D48CEF1FFEE61CF882F5657DDE35309CFBD3B8B4D6AD6461B44BE6BB9109A4701365569BECA9F8DB23F
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
• Antivirus: Joe Sandbox ML, Detection: 100%
• Antivirus: ReversingLabs, Detection: 95%
Reputation:low
                                                                                                                                                                                                                                                                                                                          Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......?...............7.0.......@.......P........@.................................................................................................................................................................................................UPX0.....@.......>......................UPX1.....0...P...*...B..............@...UPX2.................l..............@....imports.............p..............@...................................................................................................................................................................................................................................................................................................................................................................................................................................................................................

Process:C:\Users\user\Desktop\4ui8luUSNp.exe
File Type:ASCII text, with CRLF line terminators
Category:modified
Size (bytes):26
Entropy (8bit):3.95006375643621
Encrypted:false
SSDEEP:3:ggPYV:rPYV
MD5:187F488E27DB4AF347237FE461A079AD
SHA1:6693BA299EC1881249D59262276A0D2CB21F8E64
SHA-256:255A65D30841AB4082BD9D0EEA79D49C5EE88F56136157D8D6156AEF11C12309
SHA-512:89879F237C0C051EBE784D0690657A6827A312A82735DA42DAD5F744D734FC545BEC9642C19D14C05B2F01FF53BC731530C92F7327BB7DC9CDE1B60FB21CD64E
Malicious:true
Reputation:high, very likely benign file
Preview:[ZoneTransfer]....ZoneId=0

Process:C:\Windows\videodrv.exe
File Type:Zip archive data, at least v1.0 to extract, compression method=store
Category:dropped
Size (bytes):1049508
Entropy (8bit):1.338104184779259
Encrypted:false
SSDEEP:3072:fKlSEwjuLXdjuadju2KlSEwjuLXdjuadjuu:ct+t3
MD5:DBA503531EE7004D2DD2094B75B3500E
SHA1:9433458D2BF72A07201728FAC938264F3B42DDBE
SHA-256:EFC7A0410C3297E030D3BBED9D8513C6939ABAE769C4CFBBD3443D610202442E
SHA-512:4D6099818CA7DC241F111DBF812335450F0687FC6F9AA9D70B1AA321EA53C6D9952ABBB04AFEF52E912E54E24914EA3D178FC788AC5D83B2A04A0F4A6C20D23E
Malicious:true
Antivirus:
• Antivirus: Avira, Detection: 100%
                                                                                                                                                                                                                                                                                                                          Preview:PK........R.QY...*...*.......message.htmlMIME-Version: 1.0.Content-Location:File://foo.exe.Content-Transfer-Encoding: binary..MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......?...............7.0.......@.......P........@.................................................................................................................................................................................................UPX0.....@.......>......................UPX1.....0...P...*...B..............@...UPX2.................l..............@....imports.............p..............@....................................................................................................................................................................................................................................................................................................................................................
                                                                                                                                                                                                                                                                                                                          File type:PE32 executable (GUI) Intel 80386 (stripped to external PDB), for MS Windows, UPX compressed
                                                                                                                                                                                                                                                                                                                          Entropy (8bit):1.3659614853988677
                                                                                                                                                                                                                                                                                                                          TrID:
                                                                                                                                                                                                                                                                                                                          • Win32 Executable (generic) a (10002005/4) 99.37%
                                                                                                                                                                                                                                                                                                                          • UPX compressed Win32 Executable (30571/9) 0.30%
                                                                                                                                                                                                                                                                                                                          • Win32 EXE Yoda's Crypter (26571/9) 0.26%
                                                                                                                                                                                                                                                                                                                          • Win16/32 Executable Delphi generic (2074/23) 0.02%
                                                                                                                                                                                                                                                                                                                          • Generic Win/DOS Executable (2004/3) 0.02%
                                                                                                                                                                                                                                                                                                                          File name:4ui8luUSNp.exe
                                                                                                                                                                                                                                                                                                                          File size:526'632 bytes
                                                                                                                                                                                                                                                                                                                          MD5:267b10eca642bbc3534be32cbc565f35
                                                                                                                                                                                                                                                                                                                          SHA1:95deb7c1dcfba5144100a5d73cb25218f304e3f4
                                                                                                                                                                                                                                                                                                                          SHA256:5a6beb7ab22fc65258d7d3681ce668058f93b7a2eb534b42b799aa8e61595c08
                                                                                                                                                                                                                                                                                                                          SHA512:8d57c6b99286d93e7328d99a609dcc2c93e0fc00467f8d48cef1ffee61cf882f5657dde35309cfbd3b8b4d6ad6461b44be6bb9109a4701365569beca9f8db23f
                                                                                                                                                                                                                                                                                                                          SSDEEP:1536:DudiUvlSARwjdYLX2hsEQfjdYa2hsEQfjdYB:JKlSEwjuLXdjuadjuB
                                                                                                                                                                                                                                                                                                                          TLSH:88B46C035D003E4FC5C2A23173B5F77EAC72D6A0893B6411670C0A76689C66A976EBDF
                                                                                                                                                                                                                                                                                                                          File Content Preview:MZ......................@...............................................!..L.!This program cannot be run in DOS mode....$.......PE..L......?...............7.0.......@.......P........@........................................................................
                                                                                                                                                                                                                                                                                                                          Icon Hash:00928e8e8686b000
                                                                                                                                                                                                                                                                                                                          Entrypoint:0x4011cb
                                                                                                                                                                                                                                                                                                                          Entrypoint Section:UPX0
                                                                                                                                                                                                                                                                                                                          Digitally signed:false
                                                                                                                                                                                                                                                                                                                          Imagebase:0x400000
                                                                                                                                                                                                                                                                                                                          Subsystem:windows gui
                                                                                                                                                                                                                                                                                                                          Image File Characteristics:RELOCS_STRIPPED, EXECUTABLE_IMAGE, LINE_NUMS_STRIPPED, LOCAL_SYMS_STRIPPED, 32BIT_MACHINE, DEBUG_STRIPPED
                                                                                                                                                                                                                                                                                                                          DLL Characteristics:
                                                                                                                                                                                                                                                                                                                          Time Stamp:0x3FA39DA8 [Sat Nov 1 11:48:56 2003 UTC]
                                                                                                                                                                                                                                                                                                                          TLS Callbacks:
                                                                                                                                                                                                                                                                                                                          CLR (.Net) Version:
                                                                                                                                                                                                                                                                                                                          OS Version Major:1
                                                                                                                                                                                                                                                                                                                          OS Version Minor:0
                                                                                                                                                                                                                                                                                                                          File Version Major:1
                                                                                                                                                                                                                                                                                                                          File Version Minor:0
                                                                                                                                                                                                                                                                                                                          Subsystem Version Major:1
                                                                                                                                                                                                                                                                                                                          Subsystem Version Minor:0
                                                                                                                                                                                                                                                                                                                          Import Hash:fa3aa9322a0f65f92ba29e31c596f379
                                                                                                                                                                                                                                                                                                                          Instruction
                                                                                                                                                                                                                                                                                                                          mov eax, dword ptr fs:[00000000h]
                                                                                                                                                                                                                                                                                                                          push ebp
                                                                                                                                                                                                                                                                                                                          mov ebp, esp
                                                                                                                                                                                                                                                                                                                          push FFFFFFFFh
                                                                                                                                                                                                                                                                                                                          push 0047401Ch
                                                                                                                                                                                                                                                                                                                          push 0040109Ah
                                                                                                                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                                                                                                                          mov dword ptr fs:[00000000h], esp
                                                                                                                                                                                                                                                                                                                          sub esp, 10h
                                                                                                                                                                                                                                                                                                                          push ebx
                                                                                                                                                                                                                                                                                                                          push esi
                                                                                                                                                                                                                                                                                                                          push edi
                                                                                                                                                                                                                                                                                                                          mov dword ptr [ebp-18h], esp
                                                                                                                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                                                                                                                          fstcw word ptr [esp]
                                                                                                                                                                                                                                                                                                                          or word ptr [esp], 0300h
                                                                                                                                                                                                                                                                                                                          fldcw word ptr [esp]
                                                                                                                                                                                                                                                                                                                          add esp, 04h
                                                                                                                                                                                                                                                                                                                          push 00000000h
                                                                                                                                                                                                                                                                                                                          push 00000000h
                                                                                                                                                                                                                                                                                                                          push 00474028h
                                                                                                                                                                                                                                                                                                                          push 00474024h
                                                                                                                                                                                                                                                                                                                          push 00474020h
                                                                                                                                                                                                                                                                                                                          call 00007FA4386AE5C4h
                                                                                                                                                                                                                                                                                                                          push dword ptr [00474028h]
                                                                                                                                                                                                                                                                                                                          push dword ptr [00474024h]
                                                                                                                                                                                                                                                                                                                          push dword ptr [00474020h]
                                                                                                                                                                                                                                                                                                                          mov dword ptr [00474014h], esp
                                                                                                                                                                                                                                                                                                                          call 00007FA4386AE313h
                                                                                                                                                                                                                                                                                                                          add esp, 18h
                                                                                                                                                                                                                                                                                                                          xor ecx, ecx
                                                                                                                                                                                                                                                                                                                          mov dword ptr [ebp-04h], ecx
                                                                                                                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                                                                                                                          call 00007FA4386AE5A5h
                                                                                                                                                                                                                                                                                                                          leave
                                                                                                                                                                                                                                                                                                                          ret
                                                                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                          mov dword ptr fs:[00000000h], eax
                                                                                                                                                                                                                                                                                                                          ret
                                                                                                                                                                                                                                                                                                                          add bh, al
                                                                                                                                                                                                                                                                                                                          add eax, 00469EE0h
                                                                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                          add byte ptr [eax], al
                                                                                                                                                                                                                                                                                                                          mov dword ptr [00473EE4h], 00000000h
                                                                                                                                                                                                                                                                                                                          call 00007FA4386AA0BDh
                                                                                                                                                                                                                                                                                                                          ret
                                                                                                                                                                                                                                                                                                                          push ebp
                                                                                                                                                                                                                                                                                                                          mov ebp, esp
                                                                                                                                                                                                                                                                                                                          push ecx
                                                                                                                                                                                                                                                                                                                          push eax
                                                                                                                                                                                                                                                                                                                          push esi
                                                                                                                                                                                                                                                                                                                          push edi
                                                                                                                                                                                                                                                                                                                          push dword ptr [ebp+08h]
                                                                                                                                                                                                                                                                                                                          call 00007FA4386AE648h
                                                                                                                                                                                                                                                                                                                          add esp, 04h
                                                                                                                                                                                                                                                                                                                          mov esi, dword ptr [ebp+08h]
                                                                                                                                                                                                                                                                                                                          lea edi, dword ptr [eax+esi-03h]
                                                                                                                                                                                                                                                                                                                          mov dword ptr [ebp-08h], edi
                                                                                                                                                                                                                                                                                                                          push 00000003h
                                                                                                                                                                                                                                                                                                                          push 00474D96h
                                                                                                                                                                                                                                                                                                                          push dword ptr [ebp-08h]
                                                                                                                                                                                                                                                                                                                          call 00007FA4386AE644h

Name                                  Virtual Address  Virtual Size  Is in Section
IMAGE_DIRECTORY_ENTRY_EXPORT          0x0              0x0
IMAGE_DIRECTORY_ENTRY_IMPORT          0x79000          0xc8          .imports
IMAGE_DIRECTORY_ENTRY_RESOURCE        0x0              0x0
IMAGE_DIRECTORY_ENTRY_EXCEPTION       0x0              0x0
IMAGE_DIRECTORY_ENTRY_SECURITY        0x0              0x0
IMAGE_DIRECTORY_ENTRY_BASERELOC       0x0              0x0
IMAGE_DIRECTORY_ENTRY_DEBUG           0x0              0x0
IMAGE_DIRECTORY_ENTRY_COPYRIGHT       0x0              0x0
IMAGE_DIRECTORY_ENTRY_GLOBALPTR       0x0              0x0
IMAGE_DIRECTORY_ENTRY_TLS             0x0              0x0
IMAGE_DIRECTORY_ENTRY_LOAD_CONFIG     0x0              0x0
IMAGE_DIRECTORY_ENTRY_BOUND_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_IAT             0x0              0x0
IMAGE_DIRECTORY_ENTRY_DELAY_IMPORT    0x0              0x0
IMAGE_DIRECTORY_ENTRY_COM_DESCRIPTOR  0x0              0x0
IMAGE_DIRECTORY_ENTRY_RESERVED        0x0              0x0

Name      Virtual Address  Virtual Size  Raw Size  MD5                               Xored PE  ZLIB Complexity       File Type  Entropy             Characteristics
UPX0      0x1000           0x74000       0x73e00   ca42adacd995b18ca19d76272ee8842a  False     0.024733262540453074  data       0.4619326821157285  IMAGE_SCN_CNT_CODE, IMAGE_SCN_CNT_UNINITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
UPX1      0x75000          0x3000        0x2a00    b926594d85dd43cfac869e52e27f250a  False     0.5935639880952381    data       5.771304382344444   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_EXECUTE, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
UPX2      0x78000          0x1000        0x400     2bcdb781fb93ed2f4fcd058ccd1e6f47  False     0.2890625             data       2.4579807562741762  IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE
.imports  0x79000          0x1000        0x600     fb27afeec80f9f41d22e6dcda522e610  False     0.4720052083333333    data       4.385977710973273   IMAGE_SCN_CNT_INITIALIZED_DATA, IMAGE_SCN_MEM_READ, IMAGE_SCN_MEM_WRITE

DLL           Import
KERNEL32.DLL  FileTimeToDosDateTime, FindFirstFileA, FindNextFileA, FormatMessageA, GetCommandLineA, GetFileSize, GetModuleHandleA, CloseHandle, GetProcAddress, GetSystemTimeAsFileTime, GetTickCount, GetWindowsDirectoryA, CopyFileA, LoadLibraryA, CreateFileA, ReadFile, RtlUnwind, RtlZeroMemory, Sleep, TerminateThread, WinExec, CreateThread, DeleteFileA
ADVAPI32.DLL  RegEnumValueA, RegCloseKey, RegOpenKeyA, RegSetValueExA
CRTDLL.DLL    _filelength, _fileno, __GetMainArgs, exit, fclose, fgets, fopen, fprintf, fread, free, fwrite, malloc, memcpy, printf, raise, signal, sprintf, strcat, strchr, strcmp, strcpy, strlen, strncat, strncmp, strncpy
GDI32.DLL     GetStockObject
iphlpapi.DLL  GetNetworkParams
ole32.DLL     CoCreateInstance, CLSIDFromString, CoInitialize, CoUninitialize
OLEAUT32.DLL  SysAllocString
USER32.DLL    GetWindowTextA, GetForegroundWindow, LoadCursorA, LoadIconA, SetTimer, KillTimer, RegisterClassA, MessageBoxA, GetMessageA, TranslateMessage, DispatchMessageA, PostQuitMessage, CreateWindowExA, DefWindowProcA
wsock32.dll   WSAGetLastError, WSAStartup, closesocket, connect, gethostbyname, htons, inet_addr, ioctlsocket, ntohs, recv, select, send, socket

Timestamp  Source Port  Dest Port  Source IP  Dest IP
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:32.866015911 CEST4975853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:32.868777990 CEST53497551.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:32.868839025 CEST4975553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:32.871824026 CEST53497581.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:32.871881962 CEST4975853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:32.873460054 CEST4976825192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:32.908169985 CEST53497591.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:32.908263922 CEST4975953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:32.908767939 CEST4976925192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:32.913718939 CEST53497591.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:32.913781881 CEST4975953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:33.298768997 CEST53497511.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:33.298887014 CEST4975153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:33.299465895 CEST4977025192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:33.304975033 CEST53497511.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:33.305049896 CEST4975153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:33.829210997 CEST4976425192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:33.844839096 CEST4976625192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:33.848112106 CEST4976525192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:33.878406048 CEST4976825192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:33.916749001 CEST4976925192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:34.275413990 CEST4977653192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:34.280533075 CEST53497761.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:34.280642986 CEST4977653192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:34.280704021 CEST4977653192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:34.285516977 CEST53497761.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:34.297971964 CEST4977025192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:35.099380016 CEST53497761.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:35.099555969 CEST4977653192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:35.106256008 CEST53497761.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:35.106429100 CEST4977653192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:35.844826937 CEST4976425192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:35.844827890 CEST4976625192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:35.860443115 CEST4976525192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:35.891689062 CEST4976825192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:35.923010111 CEST4976925192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:36.297982931 CEST4977025192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:36.603528976 CEST4978753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:36.610357046 CEST53497871.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:36.610474110 CEST4978753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:36.612914085 CEST4978753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:36.617793083 CEST53497871.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:37.249533892 CEST53497871.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:37.249630928 CEST4978753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:37.254909992 CEST53497871.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:37.257550001 CEST4978753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:38.649769068 CEST4979853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:38.654752970 CEST53497981.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:38.654853106 CEST4979853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:38.654906034 CEST4979853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:38.659706116 CEST53497981.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:39.280539989 CEST53497981.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:39.280633926 CEST4979853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:39.285892010 CEST53497981.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:39.285959005 CEST4979853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:39.849586010 CEST4976625192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:39.860476971 CEST4976425192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:39.860488892 CEST4976525192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:39.891720057 CEST4976825192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:39.922982931 CEST4976925192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:40.360467911 CEST4977025192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:40.804605961 CEST4981453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:40.810194969 CEST53498141.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:40.810307980 CEST4981453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:40.810364962 CEST4981453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:40.815253973 CEST53498141.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:41.472033024 CEST53498141.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:41.472126961 CEST4981453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:41.477535009 CEST53498141.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:41.477634907 CEST4981453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:41.971856117 CEST4982353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:41.977133036 CEST53498231.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:41.977257013 CEST4982353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:45.657449007 CEST4983925192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:45.704271078 CEST4983525192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:45.704288960 CEST4983625192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:45.704292059 CEST4983725192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:45.704384089 CEST4984025192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:45.985656977 CEST6152953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:45.990966082 CEST53615291.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:45.991276979 CEST6152953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:46.120057106 CEST6153453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:46.125037909 CEST53615341.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:46.126590967 CEST6153453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:46.127094030 CEST6153453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:46.132122040 CEST53615341.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:46.548120975 CEST4984525192.168.2.774.125.206.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:46.758001089 CEST53615341.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:46.758130074 CEST6153453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:46.763617992 CEST53615341.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:46.763809919 CEST6153453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:47.860517979 CEST4976625192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:47.891763926 CEST4976425192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:47.891781092 CEST4976825192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:47.891782045 CEST4976525192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:48.001157045 CEST4976925192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:48.198470116 CEST6154853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:48.256860018 CEST53615481.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:48.256937027 CEST6154853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:48.257060051 CEST6154853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:48.360527039 CEST4977025192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:48.518199921 CEST53615481.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:49.176964045 CEST53615481.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:49.177823067 CEST6154853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:49.183128119 CEST53615481.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:49.183435917 CEST6154853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:49.657404900 CEST4983825192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:49.657406092 CEST4983925192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:49.719892025 CEST4983625192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:49.719891071 CEST4983525192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:49.719961882 CEST4983725192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:49.719964981 CEST4984025192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:50.381794930 CEST6155853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:50.387375116 CEST53615581.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:50.387471914 CEST6155853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:50.387541056 CEST6155853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:50.392421961 CEST53615581.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:50.548027992 CEST4984525192.168.2.774.125.206.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:50.993916035 CEST53615581.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:50.995527029 CEST6155853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:51.000899076 CEST53615581.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:51.003536940 CEST6155853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:52.433459997 CEST6157053192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:52.438452959 CEST53615701.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:52.438544035 CEST6157053192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:52.438755035 CEST6157053192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:52.443588972 CEST53615701.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:53.396567106 CEST53615701.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:53.396697998 CEST6157053192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:53.397389889 CEST6157725192.168.2.774.125.206.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:53.401896954 CEST53615701.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:53.402000904 CEST6157053192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:54.407454014 CEST6157725192.168.2.774.125.206.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:56.407532930 CEST6157725192.168.2.774.125.206.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:57.657479048 CEST4983925192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:57.657483101 CEST4983825192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:57.719940901 CEST4983525192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:57.719958067 CEST4983625192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:57.719991922 CEST4983725192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:57.719999075 CEST4984025192.168.2.7142.251.9.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:58.548052073 CEST4984525192.168.2.774.125.206.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:00.423070908 CEST6157725192.168.2.774.125.206.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:04.850600958 CEST6164153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:04.855926991 CEST53616411.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:04.856018066 CEST6164153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:04.856077909 CEST6164153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:09.141836882 CEST6167125192.168.2.752.101.73.28
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:09.462554932 CEST53616771.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:09.462692976 CEST6167753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:09.467952013 CEST53616771.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:09.468066931 CEST6167753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:09.497747898 CEST53616761.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:09.497848988 CEST6167653192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:09.503206968 CEST53616761.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:09.503259897 CEST6167653192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:10.735605001 CEST6166725192.168.2.7193.42.222.38
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:10.865211010 CEST6168353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:10.868705034 CEST6168453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:10.870129108 CEST53616831.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:10.871613026 CEST6168353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:10.871707916 CEST6168353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:10.873557091 CEST53616841.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:10.873624086 CEST6168453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:10.873667955 CEST6168453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:10.876530886 CEST53616831.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:10.878577948 CEST53616841.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:11.141851902 CEST6167125192.168.2.752.101.73.28
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:11.503228903 CEST53616841.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:11.503312111 CEST6168453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:11.503916025 CEST6168825192.168.2.774.125.206.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:11.509983063 CEST53616831.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:11.510067940 CEST6168353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:11.511538029 CEST53616841.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:11.511589050 CEST6168453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:11.515528917 CEST53616831.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:11.515588045 CEST6168353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:12.501238108 CEST6165225192.168.2.752.101.42.5
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:12.516921997 CEST6168825192.168.2.774.125.206.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:12.548156023 CEST6165325192.168.2.774.125.200.26
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:12.945713043 CEST6169553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:12.951035023 CEST53616951.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:12.951160908 CEST6169553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:12.951230049 CEST6169553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:12.956340075 CEST53616951.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:13.745976925 CEST53616951.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:13.746268988 CEST6169553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:13.751768112 CEST53616951.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:13.751878023 CEST6169553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:13.761750937 CEST6170025192.168.2.7192.124.249.110
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:14.532535076 CEST6168825192.168.2.774.125.206.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:14.751296997 CEST6166725192.168.2.7193.42.222.38
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:14.766896009 CEST6170025192.168.2.7192.124.249.110
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:15.141916037 CEST6167125192.168.2.752.101.73.28
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:15.477705002 CEST6171153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:15.482808113 CEST53617111.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:15.482923031 CEST6171153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:15.483074903 CEST6171153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:15.488282919 CEST53617111.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:16.095861912 CEST53617111.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:16.096019030 CEST6171153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:16.101531029 CEST53617111.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:16.101619005 CEST6171153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:16.782572031 CEST6170025192.168.2.7192.124.249.110
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:17.350055933 CEST6172053192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:17.355237961 CEST53617201.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:17.355434895 CEST6172053192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:17.355434895 CEST6172053192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:17.360438108 CEST53617201.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:18.029957056 CEST53617201.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:18.030164003 CEST6172053192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:18.036448956 CEST53617201.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:18.036525011 CEST6172053192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:18.532502890 CEST6168825192.168.2.774.125.206.27
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:19.131222963 CEST6172553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:19.136703014 CEST53617251.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:19.136778116 CEST6172553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:19.136831999 CEST6172553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:19.141978979 CEST53617251.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:19.758054018 CEST53617251.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:38.345098972 CEST6174025192.168.2.791.198.189.25
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:38.735724926 CEST6173625192.168.2.7217.13.200.22
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:40.345097065 CEST6174025192.168.2.791.198.189.25
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:41.626369953 CEST6173825192.168.2.785.13.166.174
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:42.773228884 CEST6174153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:42.778331995 CEST53617411.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:42.778532982 CEST6174153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:42.778708935 CEST6174153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:42.783632994 CEST53617411.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:43.241398096 CEST6174253192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:43.246270895 CEST53617421.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:43.246364117 CEST6174253192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:43.246457100 CEST6174253192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:43.247231007 CEST6174353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:43.251784086 CEST53617421.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:43.252418995 CEST53617431.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:43.252496004 CEST6174353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:43.252697945 CEST6174353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:43.257770061 CEST53617431.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:43.400312901 CEST53617411.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:43.400490999 CEST6174153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:43.406549931 CEST53617411.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:43.406636000 CEST6174153192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:43.553175926 CEST6174453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:43.558088064 CEST53617441.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:43.558207035 CEST6174453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:43.558378935 CEST6174453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:43.563496113 CEST53617441.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:43.664585114 CEST6174553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:43.670428991 CEST53617451.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:43.670522928 CEST6174553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:43.670593023 CEST6174553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:43.675558090 CEST53617451.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:43.929126978 CEST6174653192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:44.147587061 CEST6174753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:44.149200916 CEST53617421.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:44.150567055 CEST53617431.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:44.151060104 CEST53617421.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:44.151108027 CEST6174253192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:44.152512074 CEST53617461.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:44.152571917 CEST6174653192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:44.152658939 CEST6174653192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:44.153301954 CEST53617471.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:44.153366089 CEST6174753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:44.153481007 CEST6174753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:44.157567024 CEST53617461.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:44.158477068 CEST53617471.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:44.187609911 CEST53617441.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:44.190620899 CEST53617431.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:44.190697908 CEST6174353192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:44.235728025 CEST6174453192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:44.427783012 CEST6174853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:44.432693005 CEST53617481.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:44.432811975 CEST6174853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:44.432869911 CEST6174853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:44.437700033 CEST53617481.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:44.440144062 CEST53617451.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:44.485754013 CEST6174553192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:44.908622980 CEST53617471.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:44.954595089 CEST6174753192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:45.075118065 CEST53617461.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:45.126334906 CEST6174653192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:45.234471083 CEST53617481.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:45.282618046 CEST6174853192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:47.035721064 CEST6174953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:47.037619114 CEST6175053192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:47.040647984 CEST53617491.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:47.040754080 CEST6174953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:47.040849924 CEST6174953192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:47.042756081 CEST53617501.1.1.1192.168.2.7
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:47.043715000 CEST6175053192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:47.043785095 CEST6175053192.168.2.71.1.1.1
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:47.045835972 CEST53617491.1.1.1192.168.2.7
Timestamp | Source Port | Dest Port | Source IP | Dest IP
Timestamp | Source IP | Dest IP | Trans ID | OP Code | Name | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:06.919024944 CEST192.168.2.71.1.1.10x7a69Standard query (0)catcert.netMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:06.924074888 CEST192.168.2.71.1.1.10x7a69Standard query (0)e-szigno.huMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:06.929239988 CEST192.168.2.71.1.1.10x7a69Standard query (0)sk.eeMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:06.945962906 CEST192.168.2.71.1.1.10xe5bcStandard query (0)in.hes.trendmicro.euA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:07.680766106 CEST192.168.2.71.1.1.10x10a9Standard query (0)mail.microsec.huA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:08.102183104 CEST192.168.2.71.1.1.10x7852Standard query (0)sk-ee.mail.protection.outlook.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:08.807995081 CEST192.168.2.71.1.1.10x7a69Standard query (0)chambersign.orgMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:08.823420048 CEST192.168.2.71.1.1.10x7a69Standard query (0)chambersign.orgMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:10.871707916 CEST192.168.2.71.1.1.10x7a69Standard query (0)garagejournal.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:10.873667955 CEST192.168.2.71.1.1.10x7a69Standard query (0)tripadvisor.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:12.951230049 CEST192.168.2.71.1.1.10x7a69Standard query (0)mylivewallpapers.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:13.746958971 CEST192.168.2.71.1.1.10x77ceStandard query (0)mylivewallpapers.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:15.483074903 CEST192.168.2.71.1.1.10x7a69Standard query (0)candidate.hr-manager.netMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:19.136831999 CEST192.168.2.71.1.1.10x7a69Standard query (0)ads.talkscreativity.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:20.792685986 CEST192.168.2.71.1.1.10x7a69Standard query (0)belgieninfo.netMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:21.453537941 CEST192.168.2.71.1.1.10x6e6eStandard query (0)mx00.ionos.deA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:27.714981079 CEST192.168.2.71.1.1.10x7a69Standard query (0)delamar.deMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:27.718931913 CEST192.168.2.71.1.1.10x7a69Standard query (0)googlewatchblog.deMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:28.520360947 CEST192.168.2.71.1.1.10x6089Standard query (0)pommes.hebbet.deA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:29.870894909 CEST192.168.2.71.1.1.10x7a69Standard query (0)lintorfer.euMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:30.372342110 CEST192.168.2.71.1.1.10x7a69Standard query (0)schule-studium.deMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:31.630444050 CEST192.168.2.71.1.1.10xd196Standard query (0)mx2.schule-studium.deA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:33.620835066 CEST192.168.2.71.1.1.10x7a69Standard query (0)windowspower.deMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:34.619025946 CEST192.168.2.71.1.1.10xf99aStandard query (0)w0187a3c.kasserver.comA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:36.035370111 CEST192.168.2.71.1.1.10x7a69Standard query (0)wirsiegen.deMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:37.334536076 CEST192.168.2.71.1.1.10x7813Standard query (0)mx04.mail.millenniumarts.netA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:42.778708935 CEST192.168.2.71.1.1.10x7a69Standard query (0)wp.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:43.246457100 CEST192.168.2.71.1.1.10x7a69Standard query (0)guenstiger.deMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:43.252697945 CEST192.168.2.71.1.1.10x7a69Standard query (0)games.chMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:43.558378935 CEST192.168.2.71.1.1.10x7a69Standard query (0)zentrum-der-gesundheit.deMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:43.670593023 CEST192.168.2.71.1.1.10x7a69Standard query (0)stroeerdigitalgroup.deMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:44.152658939 CEST192.168.2.71.1.1.10x7a69Standard query (0)radiosantiago.clMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:44.153481007 CEST192.168.2.71.1.1.10x7a69Standard query (0)fanpelis.acMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:44.432869911 CEST192.168.2.71.1.1.10x7a69Standard query (0)blog.lesoir.beMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:47.040849924 CEST192.168.2.71.1.1.10x7a69Standard query (0)mozilla.org.xpiMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:47.043785095 CEST192.168.2.71.1.1.10x7a69Standard query (0)mozilla.org.xpiMX (Mail exchange)IN (0x0001)false
Timestamp | Source IP | Dest IP | Trans ID | Reply Code | Name | CName | Address | Type | Class | DNS over HTTPS
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:42.589468956 CEST1.1.1.1192.168.2.70x7a69No error (0)mozilla.orgMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:42.589468956 CEST1.1.1.1192.168.2.70x7a69No error (0)mozilla.orgMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:42.615298033 CEST1.1.1.1192.168.2.70x7a69No error (0)mozilla.orgMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:42.615298033 CEST1.1.1.1192.168.2.70x7a69No error (0)mozilla.orgMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:42.615298033 CEST1.1.1.1192.168.2.70x7a69No error (0)mozilla.orgMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:42.615298033 CEST1.1.1.1192.168.2.70x7a69No error (0)mozilla.orgMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:42.621620893 CEST1.1.1.1192.168.2.70x7a69No error (0)mozilla.orgMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:42.621620893 CEST1.1.1.1192.168.2.70x7a69No error (0)mozilla.orgMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:42.621620893 CEST1.1.1.1192.168.2.70x7a69No error (0)mozilla.orgMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:42.621620893 CEST1.1.1.1192.168.2.70x7a69No error (0)mozilla.orgMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:42.626662016 CEST1.1.1.1192.168.2.70x7a69Name error (3)search.mozilla.orgnonenoneMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:42.640028954 CEST1.1.1.1192.168.2.70x7a69No error (0)mozilla.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:42.640028954 CEST1.1.1.1192.168.2.70x7a69No error (0)mozilla.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:42.640028954 CEST1.1.1.1192.168.2.70x7a69No error (0)mozilla.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:42.640028954 CEST1.1.1.1192.168.2.70x7a69No error (0)mozilla.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:42.655005932 CEST1.1.1.1192.168.2.70x7a69No error (0)mozilla.orgMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:42.655005932 CEST1.1.1.1192.168.2.70x7a69No error (0)mozilla.orgMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:42.655005932 CEST1.1.1.1192.168.2.70x7a69No error (0)mozilla.orgMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:42.655005932 CEST1.1.1.1192.168.2.70x7a69No error (0)mozilla.orgMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:42.669969082 CEST1.1.1.1192.168.2.70x7a69No error (0)mozilla.orgMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:42.669969082 CEST1.1.1.1192.168.2.70x7a69No error (0)mozilla.orgMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:42.669969082 CEST1.1.1.1192.168.2.70x7a69No error (0)mozilla.orgMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:42.669969082 CEST1.1.1.1192.168.2.70x7a69No error (0)mozilla.orgMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:43.497214079 CEST1.1.1.1192.168.2.70x7a69No error (0)google.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:43.506225109 CEST1.1.1.1192.168.2.70x8483No error (0)smtp.google.com74.125.206.27A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:43.506225109 CEST1.1.1.1192.168.2.70x8483No error (0)smtp.google.com64.233.167.27A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:43.506225109 CEST1.1.1.1192.168.2.70x8483No error (0)smtp.google.com74.125.206.26A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:43.506225109 CEST1.1.1.1192.168.2.70x8483No error (0)smtp.google.com64.233.166.26A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:43.506225109 CEST1.1.1.1192.168.2.70x8483No error (0)smtp.google.com64.233.167.26A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:44.975835085 CEST1.1.1.1192.168.2.70x7a69Name error (3)search.mozilla.orgnonenoneMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:46.758001089 CEST1.1.1.1192.168.2.70x7a69Name error (3)search.mozilla.orgnonenoneMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:49.176964045 CEST1.1.1.1192.168.2.70x7a69Name error (3)search.mozilla.orgnonenoneMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:50.993916035 CEST1.1.1.1192.168.2.70x7a69Name error (3)search.mozilla.orgnonenoneMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:02:53.396567106 CEST1.1.1.1192.168.2.70x7a69No error (0)google.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:05.472579002 CEST1.1.1.1192.168.2.70x7a69No error (0)outlook.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:05.484056950 CEST1.1.1.1192.168.2.70x959bNo error (0)outlook-com.olc.protection.outlook.com52.101.42.5A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:05.484056950 CEST1.1.1.1192.168.2.70x959bNo error (0)outlook-com.olc.protection.outlook.com52.101.73.20A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:05.484056950 CEST1.1.1.1192.168.2.70x959bNo error (0)outlook-com.olc.protection.outlook.com52.101.11.18A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:05.484056950 CEST1.1.1.1192.168.2.70x959bNo error (0)outlook-com.olc.protection.outlook.com52.101.11.16A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:05.507949114 CEST1.1.1.1192.168.2.70x7a69No error (0)gmail.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:05.507949114 CEST1.1.1.1192.168.2.70x7a69No error (0)gmail.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:05.507949114 CEST1.1.1.1192.168.2.70x7a69No error (0)gmail.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:05.507949114 CEST1.1.1.1192.168.2.70x7a69No error (0)gmail.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:05.507949114 CEST1.1.1.1192.168.2.70x7a69No error (0)gmail.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:05.521600962 CEST1.1.1.1192.168.2.70x158dNo error (0)alt4.gmail-smtp-in.l.google.com74.125.200.26A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:05.562788963 CEST1.1.1.1192.168.2.70x7a69Name error (3)2x.pngnonenoneMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:05.647842884 CEST1.1.1.1192.168.2.70x7a69No error (0)accv.esMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:06.945296049 CEST1.1.1.1192.168.2.70x7a69No error (0)trustcentre.co.zaMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:06.945296049 CEST1.1.1.1192.168.2.70x7a69No error (0)trustcentre.co.zaMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:06.953793049 CEST1.1.1.1192.168.2.70xe5bcName error (3)in.hes.trendmicro.eunonenoneA (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:07.577963114 CEST1.1.1.1192.168.2.70x7a69No error (0)catcert.netMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:07.660904884 CEST1.1.1.1192.168.2.70x7a69No error (0)e-szigno.huMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:07.725754023 CEST1.1.1.1192.168.2.70x10a9No error (0)mail.microsec.hu193.42.222.38A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:08.101253033 CEST1.1.1.1192.168.2.70x7a69No error (0)sk.eeMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:08.140208960 CEST1.1.1.1192.168.2.70x7852No error (0)sk-ee.mail.protection.outlook.com52.101.73.28A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:08.140208960 CEST1.1.1.1192.168.2.70x7852No error (0)sk-ee.mail.protection.outlook.com52.101.68.27A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:08.140208960 CEST1.1.1.1192.168.2.70x7852No error (0)sk-ee.mail.protection.outlook.com52.101.68.36A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:08.140208960 CEST1.1.1.1192.168.2.70x7852No error (0)sk-ee.mail.protection.outlook.com52.101.73.16A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:11.503228903 CEST1.1.1.1192.168.2.70x7a69No error (0)tripadvisor.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:11.509983063 CEST1.1.1.1192.168.2.70x7a69No error (0)garagejournal.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:13.745976925 CEST1.1.1.1192.168.2.70x7a69No error (0)mylivewallpapers.comMX (Mail exchange)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:13.760760069 CEST1.1.1.1192.168.2.70x77ceNo error (0)mylivewallpapers.com192.124.249.110A (IP address)IN (0x0001)false
                                                                                                                                                                                                                                                                                                                          Oct 17, 2024 20:03:21.452949047 CEST1.1.1.1192.168.2.70x7a69No error (0)belgieninfo.netMX (Mail exchange)IN (0x0001)false

Target ID: 0
Start time: 14:02:24
Start date: 17/10/2024
Path: C:\Users\user\Desktop\4ui8luUSNp.exe
Wow64 process (32bit): true
Commandline: "C:\Users\user\Desktop\4ui8luUSNp.exe"
Imagebase: 0x400000
File size: 526'632 bytes
MD5 hash: 267B10ECA642BBC3534BE32CBC565F35
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Reputation: low
Has exited: true

Target ID: 1
Start time: 14:02:24
Start date: 17/10/2024
Path: C:\Windows\videodrv.exe
Wow64 process (32bit): true
Commandline: C:\Windows\videodrv.exe
Imagebase: 0x400000
File size: 526'632 bytes
MD5 hash: 267B10ECA642BBC3534BE32CBC565F35
Has elevated privileges: true
Has administrator privileges: true
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000001.00000003.1503431451.0000000003523000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Coinhive, Description: Yara detected Coinhive miner, Source: 00000001.00000003.1503431451.0000000003523000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Antivirus matches:
• Detection: 100%, Avira
• Detection: 100%, Joe Sandbox ML
• Detection: 95%, ReversingLabs
Reputation: low
Has exited: true

Target ID: 3
Start time: 14:02:34
Start date: 17/10/2024
Path: C:\Windows\videodrv.exe
Wow64 process (32bit): true
Commandline: "C:\Windows\videodrv.exe"
Imagebase: 0x400000
File size: 526'632 bytes
MD5 hash: 267B10ECA642BBC3534BE32CBC565F35
Has elevated privileges: false
Has administrator privileges: false
Programmed in: C, C++ or other language
Yara matches:
• Rule: JoeSecurity_Xmrig, Description: Yara detected Xmrig cryptocurrency miner, Source: 00000003.00000003.1555453252.0000000003CD3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
• Rule: JoeSecurity_Coinhive, Description: Yara detected Coinhive miner, Source: 00000003.00000003.1555453252.0000000003CD3000.00000004.00000020.00020000.00000000.sdmp, Author: Joe Security
Reputation: low
Has exited: false

                                                                                                                                                                                                                                                                                                                          Target ID:7
                                                                                                                                                                                                                                                                                                                          Start time:14:02:43
                                                                                                                                                                                                                                                                                                                          Start date:17/10/2024
                                                                                                                                                                                                                                                                                                                          Path:C:\Windows\SysWOW64\WerFault.exe
                                                                                                                                                                                                                                                                                                                          Wow64 process (32bit):true
                                                                                                                                                                                                                                                                                                                          Commandline:C:\Windows\SysWOW64\WerFault.exe -u -p 7544 -s 18336
                                                                                                                                                                                                                                                                                                                          Imagebase:0x7a0000
                                                                                                                                                                                                                                                                                                                          File size:483'680 bytes
                                                                                                                                                                                                                                                                                                                          MD5 hash:C31336C1EFC2CCB44B4326EA793040F2
                                                                                                                                                                                                                                                                                                                          Has elevated privileges:true
                                                                                                                                                                                                                                                                                                                          Has administrator privileges:true
                                                                                                                                                                                                                                                                                                                          Programmed in:C, C++ or other language
                                                                                                                                                                                                                                                                                                                          Reputation:high
                                                                                                                                                                                                                                                                                                                          Has exited:true


                                                                                                                                                                                                                                                                                                                            Execution Graph

                                                                                                                                                                                                                                                                                                                            Execution Coverage:3.7%
                                                                                                                                                                                                                                                                                                                            Dynamic/Decrypted Code Coverage:0%
                                                                                                                                                                                                                                                                                                                            Signature Coverage:29.5%
                                                                                                                                                                                                                                                                                                                            Total number of Nodes:295
                                                                                                                                                                                                                                                                                                                            Total number of Limit Nodes:2

                                                                                                                                                                                                                                                                                                                            Callgraph


                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • LoadLibraryA.KERNEL32(kernel32.dll,00000000), ref: 004043EF
                                                                                                                                                                                                                                                                                                                            • GetProcAddress.KERNEL32(?,RegisterServiceProcess), ref: 00404404
                                                                                                                                                                                                                                                                                                                            • WSAStartup.WSOCK32(00000001,?,kernel32.dll,00000000), ref: 00404445
                                                                                                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(00407514,00000104,00000001,?,kernel32.dll,00000000), ref: 00404477
                                                                                                                                                                                                                                                                                                                            • 1001F284.CRTDLL(00407618,00407514,00000104,00407514,00000104,00000001,?,kernel32.dll,00000000), ref: 0040448B
                                                                                                                                                                                                                                                                                                                            • 1001F218.CRTDLL(00407618,\zip.tmp,00000104,?,kernel32.dll,00000000), ref: 004044A2
                                                                                                                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(00407618,?,?,?,?,kernel32.dll,00000000), ref: 004044AF
                                                                                                                                                                                                                                                                                                                            • 1001F284.CRTDLL(0040771C,00407514,00000104,00407618,?,?,?,?,kernel32.dll,00000000), ref: 004044C3
                                                                                                                                                                                                                                                                                                                            • 1001F218.CRTDLL(0040771C,\exe.tmp,00000104,?,?,00407618,?,?,?,?,kernel32.dll,00000000), ref: 004044DA
                                                                                                                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(0040771C,?,?,?,?,?,00407618,?,?,?,?,kernel32.dll,00000000), ref: 004044E7
                                                                                                                                                                                                                                                                                                                            • 1001F284.CRTDLL(00407820,00407514,00000104,0040771C,?,?,?,?,?,00407618,?,?,?,?,kernel32.dll,00000000), ref: 004044FB
                                                                                                                                                                                                                                                                                                                            • 1001F218.CRTDLL(00407820,\eml.tmp,00000104,?,?,0040771C,?,?,?,?,?,00407618,?,?,?,?), ref: 00404512
                                                                                                                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(00407820,?,?,?,?,?,0040771C,?,?,?,?,?,00407618), ref: 0040451F
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00404FB8: DeleteFileA.KERNEL32(0040771C,?,?,?,00404529,00407820,?,?,?,?,?,0040771C), ref: 00404FC4
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00404FB8: 10015765.CRTDLL(0040771C,00474D86,0040771C,?,?,?,00404529,00407820,?,?,?,?,?,0040771C), ref: 00404FD3
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00401469: 10015765.CRTDLL(0040771C,00474D86,?,?,?,?,?,00404538,0040771C,00407618,00407820), ref: 00401481
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 004046CD: LoadIconA.USER32(00000000,00007F00), ref: 00404710
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 004046CD: LoadCursorA.USER32(00000000,00007F00), ref: 00404722
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 004046CD: GetStockObject.GDI32(00000000), ref: 0040472F
                                                                                                                                                                                                                                                                                                                            • RegisterClassA.USER32(?), ref: 00404551
                                                                                                                                                                                                                                                                                                                            • CreateWindowExA.USER32(00000000,?, value,00CF0000,80000000,80000000,80000000,80000000,00000000,00000000,00000000,00000000), ref: 00404591
                                                                                                                                                                                                                                                                                                                            • MessageBoxA.USER32(00000000,Error creating window,msg,00000000), ref: 004045AD
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1374945102.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_4ui8luUSNp.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: 1001$DeleteFile$F218F284Load$10015765$AddressClassCreateCursorDirectoryIconLibraryMessageObjectProcRegisterStartupStockWindowWindows
                                                                                                                                                                                                                                                                                                                            • String ID: @G$@G(@G$ value$Error creating window$RegisterServiceProcess$\eml.tmp$\exe.tmp$\zip.tmp$kernel32.dll$msg

                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetCommandLineA.KERNEL32(?), ref: 00404E68
                                                                                                                                                                                                                                                                                                                            • 1001F284.CRTDLL(?,00000000,00000104,?), ref: 00404E7A
                                                                                                                                                                                                                                                                                                                            • 1001F284.CRTDLL(C:\Users\user\Desktop\4ui8luUSNp.exe,?,00000104,?,?,?), ref: 00404ED6
                                                                                                                                                                                                                                                                                                                            • GetWindowsDirectoryA.KERNEL32(?,00000104,?,?,?,?,?,?), ref: 00404EEA
                                                                                                                                                                                                                                                                                                                            • 1001E65C.CRTDLL(?,\videodrv.exe,?,00000104,?,?,?,?,?,?), ref: 00404EFB
                                                                                                                                                                                                                                                                                                                            • CopyFileA.KERNEL32(?,?,00000000), ref: 00404F12
                                                                                                                                                                                                                                                                                                                            • RegOpenKeyA.ADVAPI32(80000002,Software\Microsoft\Windows\CurrentVersion\Run,?), ref: 00404F28
                                                                                                                                                                                                                                                                                                                            • 1001F200.CRTDLL(?,?,00000104,?,?,?,?,?,?), ref: 00404F34
                                                                                                                                                                                                                                                                                                                            • RegSetValueExA.ADVAPI32(?,VideoDriver,00000000,00000001,?,00000000,?,?,00000104,?,?,?,?,?,?), ref: 00404F53
                                                                                                                                                                                                                                                                                                                            • RegCloseKey.ADVAPI32(?,?,VideoDriver,00000000,00000001,?,00000000,?,?,00000104,?,?,?,?,?,?), ref: 00404F5E
                                                                                                                                                                                                                                                                                                                            • CreateFileA.KERNEL32(?,40000000,00000002,00000000,00000003,00000080,00000000,?,?,VideoDriver,00000000,00000001,?,00000000,?,?), ref: 00404F7C
                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(000000FF,?,40000000,00000002,00000000,00000003,00000080,00000000,?,?,VideoDriver,00000000,00000001,?,00000000), ref: 00404F9D
                                                                                                                                                                                                                                                                                                                            • WinExec.KERNEL32(?,00000000), ref: 00404FAB
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1374945102.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_4ui8luUSNp.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: 1001$CloseF284File$CommandCopyCreateDirectoryExecF200HandleLineOpenValueWindows
                                                                                                                                                                                                                                                                                                                            • String ID: "$C:\Users\user\Desktop\4ui8luUSNp.exe$Software\Microsoft\Windows\CurrentVersion\Run$VideoDriver$\videodrv.exe

                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                            control_flow_graph 37 4055a4-4055b3 GetCommandLineA 38 4055b5-4055c8 1001E69C 37->38 39 4055d8-4055dd 37->39 42 4055f3-405600 GetModuleHandleA call 4043d0 38->42 43 4055ca-4055cd 38->43 40 4055e4 39->40 41 4055df-4055e2 39->41 46 4055e7-4055ec 40->46 41->40 45 4055d7 41->45 51 405605-405607 42->51 44 4055d0-4055d3 43->44 48 4055d5 44->48 49 4055cf 44->49 45->39 46->42 50 4055ee-4055f1 46->50 48->42 49->44 50->42 52 4055e6 50->52 52->46
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetCommandLineA.KERNEL32(?,?,?,00401236,00474020,00474024,00474028,00000000,00000000), ref: 004055A9
                                                                                                                                                                                                                                                                                                                            • 1001E69C.CRTDLL(00000001,00000022,?,?,?,00401236,00474020,00474024,00474028,00000000,00000000), ref: 004055BB
                                                                                                                                                                                                                                                                                                                            • GetModuleHandleA.KERNEL32(00000000,?,?,?,00401236,00474020,00474024,00474028,00000000,00000000), ref: 004055F5
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1374945102.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_4ui8luUSNp.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: 1001CommandHandleLineModule
                                                                                                                                                                                                                                                                                                                            • String ID:

                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                            control_flow_graph 53 4011cb-401231 10011C28 call 4055a4 55 401236-401245 10011F60 53->55
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • 10011C28.CRTDLL(00474020,00474024,00474028,00000000,00000000), ref: 00401214
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 004055A4: GetCommandLineA.KERNEL32(?,?,?,00401236,00474020,00474024,00474028,00000000,00000000), ref: 004055A9
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 004055A4: 1001E69C.CRTDLL(00000001,00000022,?,?,?,00401236,00474020,00474024,00474028,00000000,00000000), ref: 004055BB
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 004055A4: GetModuleHandleA.KERNEL32(00000000,?,?,?,00401236,00474020,00474024,00474028,00000000,00000000), ref: 004055F5
                                                                                                                                                                                                                                                                                                                            • 10011F60.CRTDLL(00000000), ref: 0040123F
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1374945102.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1374925262.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1374964549.0000000000407000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1374994306.0000000000474000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1375014749.0000000000476000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1375033609.0000000000478000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1375052510.0000000000479000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_4ui8luUSNp.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: 10011$1001CommandHandleLineModule
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 3501170370-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 058b243d42634919a1932268ed5137acc044ef0ed66d9025cf1d714d917fef18
                                                                                                                                                                                                                                                                                                                            • Instruction ID: fa2f8f4b5fac0dfcdecf8ccdab330e6b026f3bebebd585301074f9950c23b8aa
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 058b243d42634919a1932268ed5137acc044ef0ed66d9025cf1d714d917fef18
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C5F0F071980780FADB107B559E03F2A7AA8EB48B15F20412AF748A15E1D3BC50108A9E

                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • CLSIDFromString.OLE32({9BA05972-F6A8-11CF-A442-00A0C90A8F39},?,00000000), ref: 00403301
                                                                                                                                                                                                                                                                                                                            • 1001D8F8.CRTDLL(Line %d: %s,00000084,00000000,{9BA05972-F6A8-11CF-A442-00A0C90A8F39},?,00000000), ref: 00403335
                                                                                                                                                                                                                                                                                                                            • CoCreateInstance.OLE32(?,00000000,00000004,00474DDC,00000000,{9BA05972-F6A8-11CF-A442-00A0C90A8F39},?,00000000), ref: 00403362
                                                                                                                                                                                                                                                                                                                            • 1001D8F8.CRTDLL(Line %d: %s,0000008D,00000000,?,00000000,00000004,00474DDC,00000000,{9BA05972-F6A8-11CF-A442-00A0C90A8F39},?,00000000), ref: 00403396
                                                                                                                                                                                                                                                                                                                            • 1001D8F8.CRTDLL(LINE %d,00000090,?,00000000,00000004,00474DDC,00000000,{9BA05972-F6A8-11CF-A442-00A0C90A8F39},?,00000000), ref: 004033C2
                                                                                                                                                                                                                                                                                                                            • 1001D8F8.CRTDLL(Line %d: %s,00000093,00000000), ref: 0040341E
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1374945102.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1374925262.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1374964549.0000000000407000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1374994306.0000000000474000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1375014749.0000000000476000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1375033609.0000000000478000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1375052510.0000000000479000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_4ui8luUSNp.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: 1001$CreateFromInstanceString
                                                                                                                                                                                                                                                                                                                            • String ID: LINE %d$Line %d: %s${9BA05972-F6A8-11CF-A442-00A0C90A8F39}
                                                                                                                                                                                                                                                                                                                            • API String ID: 3289208521-1645282711
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 41b8ecf495dcfff14f3484cc832a0d0aaeb16ef57e3845268977e1bdf1219094
                                                                                                                                                                                                                                                                                                                            • Instruction ID: a9b72692392feb8c2838df239970aa052233eb83172fa1581b79b1dcfda1a31f
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 41b8ecf495dcfff14f3484cc832a0d0aaeb16ef57e3845268977e1bdf1219094
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 7BF1A3B2D04204ABEB10AF51CD06BEE7A78EB84706F2040BAE504372D1D7BD5F85DB5A

                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • 10015765.CRTDLL(0040771C,00474D86,?,?,?,?,?,00404538,0040771C,00407618,00407820), ref: 00401481
                                                                                                                                                                                                                                                                                                                            • 10015765.CRTDLL(00407618,00474D83,?,?,?,?,?,?,00404538,0040771C,00407618), ref: 004014A4
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1374945102.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1374925262.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1374964549.0000000000407000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1374994306.0000000000474000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1375014749.0000000000476000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1375033609.0000000000478000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1375052510.0000000000479000.00000004.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_4ui8luUSNp.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: 10015765
                                                                                                                                                                                                                                                                                                                            • String ID: 8E@$message.html
                                                                                                                                                                                                                                                                                                                            • API String ID: 627249555-2872700593

Control-flow Graph (figure not reproduced; legend: Executed / Not Executed). Function 402c3e: FindFirstFileA / FindNextFileA enumeration loop, with a recursive call to 402c3e and a call to 402e85.
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • 1001F200.CRTDLL(?), ref: 00402C4B
                                                                                                                                                                                                                                                                                                                            • 1001F284.CRTDLL(?,?,000000FA), ref: 00402C6E
                                                                                                                                                                                                                                                                                                                            • 1001F284.CRTDLL(00407ED0,?,00000104), ref: 00402C83
                                                                                                                                                                                                                                                                                                                            • 1001E65C.CRTDLL(?,*.*), ref: 00402C97
                                                                                                                                                                                                                                                                                                                            • FindFirstFileA.KERNEL32(?,?), ref: 00402CAD
                                                                                                                                                                                                                                                                                                                            • 1001E6C4.CRTDLL(?,00474A69,?,?), ref: 00402CDC
                                                                                                                                                                                                                                                                                                                            • 1001E6C4.CRTDLL(?,00474A66,?,?), ref: 00402CF9
                                                                                                                                                                                                                                                                                                                            • 1001E660.CRTDLL(?,?,?,?,?,?), ref: 00402D14
                                                                                                                                                                                                                                                                                                                            • 1001E65C.CRTDLL(?,?,?,?,?,?,?,?), ref: 00402D2A
                                                                                                                                                                                                                                                                                                                            • 1001E65C.CRTDLL(?,00474A64,?,?,?,?,?,?,?,?), ref: 00402D3E
                                                                                                                                                                                                                                                                                                                            • FindNextFileA.KERNEL32(?,?,?,?,?,?,?,?,?,?,?), ref: 00402DB7
Memory Dump Source
• Source File: 00000000.00000002.1374945102.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1374925262.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1374964549.0000000000407000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1374994306.0000000000474000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1375014749.0000000000476000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1375033609.0000000000478000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1375052510.0000000000479000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_4ui8luUSNp.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: 1001$F284FileFind$E660F200FirstNext
                                                                                                                                                                                                                                                                                                                            • String ID: %s%s$*.*
                                                                                                                                                                                                                                                                                                                            • API String ID: 1948946466-705776850
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,00404932,00000000,00000000,?), ref: 00404638
                                                                                                                                                                                                                                                                                                                            • KillTimer.USER32(?,00000001), ref: 0040464C
                                                                                                                                                                                                                                                                                                                            • gethostbyname.WSOCK32(www.google.com,?,00000001), ref: 00404656
                                                                                                                                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,00404751,00000000,00000000,?), ref: 00404671
                                                                                                                                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,h`,00000000,00000000,?), ref: 00404687
                                                                                                                                                                                                                                                                                                                            • CreateThread.KERNEL32(00000000,00000000,00404BDE,00000000,00000000,?), ref: 0040469D
                                                                                                                                                                                                                                                                                                                            • PostQuitMessage.USER32(00000000), ref: 004046AB
                                                                                                                                                                                                                                                                                                                            • NtdllDefWindowProc_A.USER32(?,?,?,?), ref: 004046C3
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: CreateThread$KillMessageNtdllPostProc_QuitTimerWindowgethostbyname
                                                                                                                                                                                                                                                                                                                            • String ID: h`$www.google.com
                                                                                                                                                                                                                                                                                                                            • API String ID: 4207061589-1147896248


                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • 1001E69C.CRTDLL(?,00000040), ref: 00403FC9
                                                                                                                                                                                                                                                                                                                            • 1001D8F8.CRTDLL(Domain: '%s',00000001), ref: 00403FF2
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0040241C: 1001F200.CRTDLL(00000000,?,?,?,00401DD4,?,?,000007D0,00000000,00000000,?,?,000000FF,?,?,000000FF), ref: 0040242E
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0040241C: RtlZeroMemory.KERNEL32(?,00000200), ref: 00402457
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0040241C: RtlZeroMemory.KERNEL32(?,00002800,?,00000200), ref: 00402468
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0040241C: RtlZeroMemory.KERNEL32(?,00000100,?,00002800,?,00000200), ref: 00402479
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 0040241C: socket.WSOCK32(00000002,00000001,00000006,?,00000100,?,00002800,?,00000200), ref: 00402484
  • Part of subcall function 0040241C: htons.WSOCK32(00000035,00000002,00000001,00000006,?,00000100,?,00002800,?,00000200), ref: 004024B2
  • Part of subcall function 0040241C: 1001C489.CRTDLL(00000800,00000035,00000002,00000001,00000006,?,00000100,?,00002800,?,00000200), ref: 004024C5
  • Part of subcall function 0040241C: RtlZeroMemory.KERNEL32(?,00000004), ref: 004024E6
  • Part of subcall function 0040241C: GetNetworkParams.IPHLPAPI(?,00000800), ref: 004024F8
  • Part of subcall function 0040241C: closesocket.WSOCK32(000000FF,?,00000004), ref: 0040250F
• 1001D8F8.CRTDLL(MX: '%s',?), ref: 00404027
• 1001D8F8.CRTDLL(Lookup failed), ref: 00404036
• gethostbyname.WSOCK32(?), ref: 00404056
• WSAGetLastError.WSOCK32 ref: 0040406A
• 1001D8F8.CRTDLL(hostent() error: %d,00000000), ref: 00404077
• socket.WSOCK32(00000002,00000001,00000006), ref: 0040408F
• htons.WSOCK32(00000019), ref: 004040C9
• connect.WSOCK32(000000FF,00000002,00000010,00000019), ref: 004040EF
• 1001F200.CRTDLL(HELO localhost,?), ref: 0040410D
• send.WSOCK32(000000FF,HELO localhost,00000000,00000000,?,?), ref: 00404122
• closesocket.WSOCK32(000000FF,00000000,?,?), ref: 0040413A
Strings
Memory Dump Source
• Source File: 00000000.00000002.1374945102.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1374925262.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1374964549.0000000000407000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1374994306.0000000000474000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1375014749.0000000000476000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1375033609.0000000000478000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1375052510.0000000000479000.00000004.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_4ui8luUSNp.jbxd
Similarity
• API ID: 1001$MemoryZero$F200closesockethtonssocket$C489ErrorLastNetworkParamsconnectgethostbynamesend
• String ID: .$%s %d$DATA$Domain: '%s'$Failed to connect: '%s'$From: %sTo: <%s>Reply-To: <%s>Subject: %s$HELO localhost$Lookup failed$MAIL FROM:<%s>$MX: '%s'$QUIT$RCPT TO:<%s>$hostent() error: %d
• API String ID: 1190693670-3956985911
• Opcode ID: 38e472f5afb0dfda48cfd1dd65f6b42815a48a5cb7d39b726019f355f5181a31
• Instruction ID: 7bc473aee1d268b799f7e717c2b6871404de3c613b830544c2f882715362dada
• Opcode Fuzzy Hash: 38e472f5afb0dfda48cfd1dd65f6b42815a48a5cb7d39b726019f355f5181a31
• Instruction Fuzzy Hash: 26A1B2B2940218FADB20AA518C07BDE7631DB90704F2044BAFA04361D1D7B95FA5AE9E

Control-flow Graph

APIs
• gethostbyname.WSOCK32(00401E07,?,?,?,00401E07), ref: 00401E7D
• socket.WSOCK32(00000002,00000001,00000006,00401E07,?), ref: 00401E9B
• htons.WSOCK32(00000019), ref: 00401EE3
• connect.WSOCK32(000000FF,00000002,00000010,00000019), ref: 00401F09
• 1001F200.CRTDLL(HELO localhost), ref: 00401F27
• send.WSOCK32(000000FF,HELO localhost,00000000,00000000), ref: 00401F3C
• closesocket.WSOCK32(000000FF,00000000), ref: 00401F54
Strings
Memory Dump Source
• Source File: 00000000.00000002.1374945102.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1374925262.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1374964549.0000000000407000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1374994306.0000000000474000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1375014749.0000000000476000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1375033609.0000000000478000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1375052510.0000000000479000.00000004.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_4ui8luUSNp.jbxd
Similarity
• API ID: 1001F200closesocketconnectgethostbynamehtonssendsocket
• String ID: .$DATA$From: %sTo: %sReply-To: %s$HELO localhost$MAIL FROM:<%s>$QUIT$RCPT TO:<%s>
• API String ID: 3792293338-119287665
• Opcode ID: 6edecf961497a81c2509e9009f622c32a04d8440bcf6d91d1fdcd2db56ac74ee
• Instruction ID: c789c2ceb8872c264f61e6111112c3e2041cb94a0bf67aabb908bc6aa9ac6a0c
• Opcode Fuzzy Hash: 6edecf961497a81c2509e9009f622c32a04d8440bcf6d91d1fdcd2db56ac74ee
• Instruction Fuzzy Hash: 6A918072C40144FADB11AB519D06BDE7636EB80308F2040BBF504361E1E7B9AF99AE9D

                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • 1001F200.CRTDLL(00000000,?,?,?,00401DD4,?,?,000007D0,00000000,00000000,?,?,000000FF,?,?,000000FF), ref: 0040242E
                                                                                                                                                                                                                                                                                                                            • RtlZeroMemory.KERNEL32(?,00000200), ref: 00402457
                                                                                                                                                                                                                                                                                                                            • RtlZeroMemory.KERNEL32(?,00002800,?,00000200), ref: 00402468
                                                                                                                                                                                                                                                                                                                            • RtlZeroMemory.KERNEL32(?,00000100,?,00002800,?,00000200), ref: 00402479
                                                                                                                                                                                                                                                                                                                            • socket.WSOCK32(00000002,00000001,00000006,?,00000100,?,00002800,?,00000200), ref: 00402484
                                                                                                                                                                                                                                                                                                                            • htons.WSOCK32(00000035,00000002,00000001,00000006,?,00000100,?,00002800,?,00000200), ref: 004024B2
                                                                                                                                                                                                                                                                                                                            • 1001C489.CRTDLL(00000800,00000035,00000002,00000001,00000006,?,00000100,?,00002800,?,00000200), ref: 004024C5
                                                                                                                                                                                                                                                                                                                            • RtlZeroMemory.KERNEL32(?,00000004), ref: 004024E6
                                                                                                                                                                                                                                                                                                                            • GetNetworkParams.IPHLPAPI(?,00000800), ref: 004024F8
                                                                                                                                                                                                                                                                                                                            • closesocket.WSOCK32(000000FF,?,00000004), ref: 0040250F
                                                                                                                                                                                                                                                                                                                            • inet_addr.WSOCK32(212.5.86.163,?,00000004), ref: 00402523
                                                                                                                                                                                                                                                                                                                            • ioctlsocket.WSOCK32(000000FF,80040000,00000001,212.5.86.163,?,00000004), ref: 004025A9
                                                                                                                                                                                                                                                                                                                            • connect.WSOCK32(000000FF,?,00000010,000000FF,80040000,00000001,212.5.86.163,?,00000004), ref: 004025BA
                                                                                                                                                                                                                                                                                                                            • WSAGetLastError.WSOCK32(000000FF,?,00000010,000000FF,80040000,00000001,212.5.86.163,?,00000004), ref: 004025C8
                                                                                                                                                                                                                                                                                                                            • select.WSOCK32(00000000,00000000,00000040,00000000,?,000000FF,?,00000010,000000FF,80040000,00000001,212.5.86.163,?,00000004), ref: 0040263E
                                                                                                                                                                                                                                                                                                                            • ioctlsocket.WSOCK32(000000FF,80040000,00000000,000000FF,?,00000010,000000FF,80040000,00000001,212.5.86.163,?,00000004), ref: 0040266C
                                                                                                                                                                                                                                                                                                                            • closesocket.WSOCK32(000000FF), ref: 00402698
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1374945102.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1374925262.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1374964549.0000000000407000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1374994306.0000000000474000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1375014749.0000000000476000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1375033609.0000000000478000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1375052510.0000000000479000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_4ui8luUSNp.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: MemoryZero$1001closesocketioctlsocket$C489ErrorF200LastNetworkParamsconnecthtonsinet_addrselectsocket
                                                                                                                                                                                                                                                                                                                            • String ID: 212.5.86.163$@
                                                                                                                                                                                                                                                                                                                            • API String ID: 3216102798-3789070369
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 6875aea6d2ad78f97dfe295fe13181fa33d898ee8b5da3e3c306c13944ff61f5
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 0850302d7e0a7daca668ae12596435e0ce83fecd31ecfc9c58567dc193e4777b
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 6875aea6d2ad78f97dfe295fe13181fa33d898ee8b5da3e3c306c13944ff61f5
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 0FD14D72D01228EAEF39AB118D0DB9EB772EB84714F1104EAE508371D0CBB85F959F59

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • 1001D8F8.CRTDLL(LINE %d,000000EC,?,00000002), ref: 00403999
                                                                                                                                                                                                                                                                                                                            • 1001D8F8.CRTDLL(Line %d: %s,000000EE,00000000), ref: 004039EC
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: 1001
                                                                                                                                                                                                                                                                                                                            • String ID: value$LINE %d$Line %d: %s$Z9@$Z9@
                                                                                                                                                                                                                                                                                                                            • API String ID: 3273692033-4119484769
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 773c32fa49ed7cbcf79018bf3290a0453b83e0c3fcd27ffda7bd2550a0372985
                                                                                                                                                                                                                                                                                                                            • Instruction ID: c92c99cda2f92db92eeca4ed6438e44f586066a9280843e6fb57d98702687c43
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 773c32fa49ed7cbcf79018bf3290a0453b83e0c3fcd27ffda7bd2550a0372985
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: FDE19F72D04205EBEB00AF91C8067EEBA79EB84706F24403AE504772D1D7BD6F85DB5A

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(0040771C,?,?,?,00404529,00407820,?,?,?,?,?,0040771C), ref: 00404FC4
                                                                                                                                                                                                                                                                                                                            • 10015765.CRTDLL(0040771C,00474D86,0040771C,?,?,?,00404529,00407820,?,?,?,?,?,0040771C), ref: 00404FD3
                                                                                                                                                                                                                                                                                                                            • 1001C06C.CRTDLL(00000000,MIME-Version: 1.0Content-Location:File://foo.exeContent-Transfer-Encoding: binary,0040771C,?,?,?,00404529), ref: 00404FF6
                                                                                                                                                                                                                                                                                                                            • 10015765.CRTDLL(C:\Users\user\Desktop\4ui8luUSNp.exe,00474D83,?,?,0040771C,?,?,?,00404529), ref: 00405008
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            • <body bgcolor=black scroll=no><SCRIPT>function malware(){s=document.URL;path=s.substr(-0,s.lastIndexOf("\\"));path=unescape(path);document.write(' <title>Message</title><body scroll=no bgcolor=white><FONT face="Arial" color=black style="position:absolute, xrefs: 00405099
                                                                                                                                                                                                                                                                                                                            • MIME-Version: 1.0Content-Location:File://foo.exeContent-Transfer-Encoding: binary, xrefs: 00404FEE
                                                                                                                                                                                                                                                                                                                            • C:\Users\user\Desktop\4ui8luUSNp.exe, xrefs: 00405003
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: 10015765$1001DeleteFile
                                                                                                                                                                                                                                                                                                                            • String ID: <body bgcolor=black scroll=no><SCRIPT>function malware(){s=document.URL;path=s.substr(-0,s.lastIndexOf("\\"));path=unescape(path);document.write(' <title>Message</title><body scroll=no bgcolor=white><FONT face="Arial" color=black style="position:absolute$C:\Users\user\Desktop\4ui8luUSNp.exe$MIME-Version: 1.0Content-Location:File://foo.exeContent-Transfer-Encoding: binary
                                                                                                                                                                                                                                                                                                                            • API String ID: 3647878303-1969695888
                                                                                                                                                                                                                                                                                                                            • Opcode ID: e632037a8f5f3fbd7fc21e7fc52ccf075609a80f30cba8ccbec56cf1c5b99f61
                                                                                                                                                                                                                                                                                                                            • Instruction ID: a5c8f9776a4e9eb507219238b69814b4e58edb9589292bb17a273115fcafa01f
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: e632037a8f5f3fbd7fc21e7fc52ccf075609a80f30cba8ccbec56cf1c5b99f61
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 1D2133B2D00508FBDF117695DC06BAE7A31DB50308F148476F904351E1E7BA5A649E8A

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00402DC8: 1001F200.CRTDLL(00000000,?), ref: 00402DE3
                                                                                                                                                                                                                                                                                                                            • CreateFileA.KERNEL32(00000000,80000000,00000001,00000000,00000003,00000080,00000000,?), ref: 00402EBD
                                                                                                                                                                                                                                                                                                                            • GetFileSize.KERNEL32(00000000,00000000,00000000,80000000,00000001,00000000,00000003,00000080,00000000,?), ref: 00402EDD
                                                                                                                                                                                                                                                                                                                            • CloseHandle.KERNEL32(00000000,00000000,00000000,00000000,80000000,00000001,00000000,00000003,00000080,00000000,?), ref: 00402EF0
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            • Failed to open '%s', xrefs: 00402FF1
                                                                                                                                                                                                                                                                                                                            • Read error, xrefs: 00402F3E
                                                                                                                                                                                                                                                                                                                            • Memory allocation error, file %s, size %d, xrefs: 00402FD7
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1374945102.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1374925262.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1374964549.0000000000407000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1374994306.0000000000474000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1375014749.0000000000476000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1375033609.0000000000478000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1375052510.0000000000479000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_4ui8luUSNp.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: File$1001CloseCreateF200HandleSize
                                                                                                                                                                                                                                                                                                                            • String ID: Failed to open '%s'$Memory allocation error, file %s, size %d$Read error
                                                                                                                                                                                                                                                                                                                            • API String ID: 1543754479-2966797669
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 26654996f537e94b6437c2a4dd3c47e5c29a479cbf154200ddb46358a34ba03f
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 4bf70c94a4caf8dd1b67910f9586562c8b01bb5aef2dca292cb34115e63c2259
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 26654996f537e94b6437c2a4dd3c47e5c29a479cbf154200ddb46358a34ba03f
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 4A3152B1C04105AAEF116B91DE0ABAE7A31AB40308F24443BF505351F1D7BA5A65FE9F

                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • 1001E65C.CRTDLL(00000000,?), ref: 00404965
                                                                                                                                                                                                                                                                                                                            • 1001E65C.CRTDLL(00000000,?), ref: 0040498F
                                                                                                                                                                                                                                                                                                                            • 1001E65C.CRTDLL(00000000,?), ref: 004049B9
                                                                                                                                                                                                                                                                                                                            • 1001E65C.CRTDLL(00000000,?), ref: 004049EA
                                                                                                                                                                                                                                                                                                                            • 1001E65C.CRTDLL(00000000,?), ref: 00404A14
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00405100: 1001E660.CRTDLL(41C60EEF,?,?), ref: 004051FE
                                                                                                                                                                                                                                                                                                                            • 1001E65C.CRTDLL(00000000,?), ref: 00404A3E
                                                                                                                                                                                                                                                                                                                            • 1001E65C.CRTDLL(00000000,?), ref: 00404A6F
                                                                                                                                                                                                                                                                                                                            • 1001E65C.CRTDLL(00000000,?), ref: 00404A99
                                                                                                                                                                                                                                                                                                                            • 1001E65C.CRTDLL(00000000,?), ref: 00404AC3
                                                                                                                                                                                                                                                                                                                            • 1001E65C.CRTDLL(00000000,?), ref: 00404AF4
                                                                                                                                                                                                                                                                                                                            • 1001E65C.CRTDLL(00000000,?), ref: 00404B1E
                                                                                                                                                                                                                                                                                                                            • 1001E65C.CRTDLL(00000000,?), ref: 00404B48
                                                                                                                                                                                                                                                                                                                            • 1001E660.CRTDLL(00407A88,00000000), ref: 00404B5C
                                                                                                                                                                                                                                                                                                                            • 1001E660.CRTDLL(00407B88,00000000), ref: 00404B70
                                                                                                                                                                                                                                                                                                                            • 1001E660.CRTDLL(00407C88,00000000), ref: 00404B84
                                                                                                                                                                                                                                                                                                                            • 1001E660.CRTDLL(00407D88,00000000), ref: 00404B98
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1374945102.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1374925262.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1374964549.0000000000407000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1374994306.0000000000474000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1375014749.0000000000476000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1375033609.0000000000478000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1375052510.0000000000479000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_4ui8luUSNp.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: 1001$E660
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 711195432-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: ca1bc1fb306098ab6712920d321c79089bc6ac382dc23313e8dfca4a2aba109b
                                                                                                                                                                                                                                                                                                                            • Instruction ID: f08960fdd85e455d33e7b90b9d7183b5d218ef389d24f7a66b72040e99619d9f
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: ca1bc1fb306098ab6712920d321c79089bc6ac382dc23313e8dfca4a2aba109b
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: DE51467BC0051456CB21AA415C06BEF7239ABD9704F8908EDF908B6142D3F4279ACFF6

                                                                                                                                                                                                                                                                                                                            Control-flow Graph

                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetForegroundWindow.USER32(000005DC), ref: 0040475C
                                                                                                                                                                                                                                                                                                                            • GetWindowTextA.USER32(00000000,?,000000FF), ref: 00404770
                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(000001F4,?,000000FF,000005DC), ref: 004047AA
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 004031F6: GetTickCount.KERNEL32 ref: 00403222
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 004031F6: CoInitialize.OLE32(00000000), ref: 0040322E
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 004031F6: GetTickCount.KERNEL32 ref: 004032B1
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 004031F6: CoUninitialize.OLE32 ref: 004032CA
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00401A58: GetTickCount.KERNEL32 ref: 00401A61
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00401A58: 1001F284.CRTDLL(?,?,000000FF,?,?,?,?,?,004017DB,?,00000000), ref: 00401B6F
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00403FB6: 1001E69C.CRTDLL(?,00000040), ref: 00403FC9
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00403FB6: 1001D8F8.CRTDLL(Domain: '%s',00000001), ref: 00403FF2
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00403FB6: 1001D8F8.CRTDLL(MX: '%s',?), ref: 00404027
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00403FB6: gethostbyname.WSOCK32(?), ref: 00404056
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00403FB6: WSAGetLastError.WSOCK32 ref: 0040406A
                                                                                                                                                                                                                                                                                                                              • Part of subcall function 00403FB6: 1001D8F8.CRTDLL(hostent() error: %d,00000000), ref: 00404077
                                                                                                                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(c:\tmpe.tmp,?,?,?,?,?,?,?,?,?,000001F4,?,000000FF,000005DC), ref: 0040480F
                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(001B7740,c:\tmpe.tmp,?,?,?,?,?,?,?,?,?,000001F4,?,000000FF,000005DC), ref: 00404819
                                                                                                                                                                                                                                                                                                                            • 1001F200.CRTDLL(?), ref: 0040482A
                                                                                                                                                                                                                                                                                                                            • DeleteFileA.KERNEL32(c:\tmpe.tmp), ref: 004048E3
                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(001B7740,c:\tmpe.tmp), ref: 004048ED
                                                                                                                                                                                                                                                                                                                            • 1001F200.CRTDLL(?), ref: 00404901
                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(000005DC), ref: 0040491F
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
• Source File: 00000000.00000002.1374945102.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1374925262.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1374964549.0000000000407000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1374994306.0000000000474000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1375014749.0000000000476000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1375033609.0000000000478000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1375052510.0000000000479000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_4ui8luUSNp.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: 1001$Sleep$CountTick$DeleteF200FileWindow$ErrorF284ForegroundInitializeLastTextUninitializegethostbyname
                                                                                                                                                                                                                                                                                                                            • String ID: c:\tmpe.tmp
                                                                                                                                                                                                                                                                                                                            • API String ID: 3006756165-1120852642
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            • X-Mailer: The Bat! (v1.61)X-Priority: 2 (High)Subject: your account %sMIME-Version: 1.0Content-Type: multipart/mixed; boundary="%s"--%sContent-Type: text/plain; charset=us-asciiContent-Transfer-Encoding: 7bitHello there,I w, xrefs: 0040181F
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: 10011001511001513810015765C489
                                                                                                                                                                                                                                                                                                                            • String ID: X-Mailer: The Bat! (v1.61)X-Priority: 2 (High)Subject: your account %sMIME-Version: 1.0Content-Type: multipart/mixed; boundary="%s"--%sContent-Type: text/plain; charset=us-asciiContent-Transfer-Encoding: 7bitHello there,I w
                                                                                                                                                                                                                                                                                                                            • API String ID: 1519618610-3261467570
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: 1001F200
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2081591043-0
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • Sleep.KERNEL32(000003E8), ref: 00401C35
                                                                                                                                                                                                                                                                                                                            • 1001F284.CRTDLL(?,00000000,admin@,000000FF,000003E8), ref: 00401C5A
                                                                                                                                                                                                                                                                                                                            • 1001F218.CRTDLL(?,?,00000000,000000F5,000003E8), ref: 00401C85
                                                                                                                                                                                                                                                                                                                            • 1001F284.CRTDLL(?,?,00000000,000000FF,?,?,000000F5,000003E8), ref: 00401CB0
                                                                                                                                                                                                                                                                                                                            • 1001E69C.CRTDLL(?,00000000,00000040,?,?,000000FF,?,?,000000F5,000003E8), ref: 00401CD0
                                                                                                                                                                                                                                                                                                                            • 1001F218.CRTDLL(?,00000000,00474AF5,000000FF,00000000,?,00000040,?,?,000000FF,?,?,000000F5,000003E8), ref: 00401D38
                                                                                                                                                                                                                                                                                                                            • 1001F218.CRTDLL(?,?,00000000,000000FF,?,000000FF,00000000,?,00000040,?,?,000000FF,?,?,000000F5,000003E8), ref: 00401D63
                                                                                                                                                                                                                                                                                                                            • 1001F218.CRTDLL(?,00000000,00474AF3,000000FF,?,?,000000FF,?,000000FF,00000000,?,00000040,?,?,000000FF), ref: 00401D8B
                                                                                                                                                                                                                                                                                                                            • 1001F200.CRTDLL(?,00000000,?,?,?,00000000,?,?,000000FF,?,?,000000FF,?,000000FF,00000000), ref: 00401DF2
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: 1001$F218$F284$F200Sleep
                                                                                                                                                                                                                                                                                                                            • String ID: admin@
                                                                                                                                                                                                                                                                                                                            • API String ID: 3533001665-489714713
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 26f80d246675fff50ab745c3a5902f9ab7e66177db87522a5013fd4d99381f66
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 195e9dc06b422f6bd718f6be3a99c537dc1a5c0d43a746e2b0d35170f5ee9495
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 26f80d246675fff50ab745c3a5902f9ab7e66177db87522a5013fd4d99381f66
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 6F51B3B5D0020AEBDB009F44DD417DE7B75FB95324F24003AE90477292E3B9AA868FD9
APIs
• 6FF31E40.WSOCK32(00000000,000000FF,00000001,00000000,00000002,00000000), ref: 0040235B
• select.WSOCK32(00000000,00000001,00000000,00000000,00000003,00000000,000000FF,00000001,00000000,00000002,00000000), ref: 00402377
• 1001F24C.CRTDLL(?,250,00000003,00000000,00000001,00000000,00000000,00000003,00000000,000000FF,00000001,00000000,00000002,00000000), ref: 004023AE
• 1001F24C.CRTDLL(?,220,00000003,00000000,00000002,00000000), ref: 004023C9
• 1001F24C.CRTDLL(?,354,00000003,?,?,?,00000000,00000002,00000000), ref: 004023E4
• 1001F24C.CRTDLL(?,221,00000003,?,?,?,?,?,?,00000000,00000002,00000000), ref: 004023FF
Strings
Memory Dump Source
• Source File: 00000000.00000002.1374945102.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1374925262.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1374964549.0000000000407000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1374994306.0000000000474000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1375014749.0000000000476000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1375033609.0000000000478000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1375052510.0000000000479000.00000004.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_4ui8luUSNp.jbxd
Similarity
• API ID: 1001$select
• String ID: 220$221$250$354
• API String ID: 1275355861-4259334579
• Opcode ID: 7cb3f69c7fc8c38a19d4e74e1a1af09580e14dc2ca8146732558e38d4466212d
• Instruction ID: 7a5b8caf8da70b3089f469a0b26dd38df3b0f8160f7480a1966fa1a1baa37f93
• Opcode Fuzzy Hash: 7cb3f69c7fc8c38a19d4e74e1a1af09580e14dc2ca8146732558e38d4466212d
• Instruction Fuzzy Hash: EA314C71940218EADB219B41DC467DEBB79EB81714F1080A6E6087B2C1C3F96BC6CF95
APIs
• Sleep.KERNEL32(0000EA60), ref: 00404BEF
• 10015765.CRTDLL(00407820,00474803,0000EA60), ref: 00404C07
• WSAStartup.WSOCK32(00000001,?), ref: 00404C2B
• RtlZeroMemory.KERNEL32(004082E0,00061C00,00000001,?), ref: 00404C49
• 1001BD6D.CRTDLL(00000000,004082E0,00061C00,00000001,?), ref: 00404DF3
Memory Dump Source
• Source File: 00000000.00000002.1374945102.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1374925262.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1374964549.0000000000407000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1374994306.0000000000474000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1375014749.0000000000476000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1375033609.0000000000478000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1375052510.0000000000479000.00000004.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_4ui8luUSNp.jbxd
Similarity
• API ID: 100110015765MemorySleepStartupZero
• String ID:
• API String ID: 499941085-0
• Opcode ID: abef3d57c3958584e0eba9587ac1eba7095b698237b23cff4d6d4070dc39c0ae
• Instruction ID: ecc6d551da77e7d28809b25a000f7eb96683d12bf15382b1ef3cc4d435574783
• Opcode Fuzzy Hash: abef3d57c3958584e0eba9587ac1eba7095b698237b23cff4d6d4070dc39c0ae
• Instruction Fuzzy Hash: F841B1B1905208DAEB209B51EE4679A7771FB81318F61007AE2443B1E1D7B86985CF9E
APIs
• RegOpenKeyA.ADVAPI32(80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,?), ref: 0040303A
• 1001F200.CRTDLL(?,?,00000000,?,00000200,00000000,?,?,00000200,80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,?), ref: 00403051
• 1001E65C.CRTDLL(0000005C,00474A64), ref: 00403074
• RegEnumValueA.ADVAPI32(?,00000000,?,00000200,00000000,?,?,00000200,80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,?), ref: 004030D6
• RegCloseKey.ADVAPI32(?,80000001,Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders,?), ref: 004030EA
Strings
• \, xrefs: 0040305E
• Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders, xrefs: 00403030
Memory Dump Source
• Source File: 00000000.00000002.1374945102.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1374925262.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1374964549.0000000000407000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1374994306.0000000000474000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1375014749.0000000000476000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1375033609.0000000000478000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1375052510.0000000000479000.00000004.00000001.01000000.00000003.sdmp
Joe Sandbox IDA Plugin
• Snapshot File: hcaresult_0_2_400000_4ui8luUSNp.jbxd
Similarity
• API ID: 1001$CloseEnumF200OpenValue
• String ID: Software\Microsoft\Windows\CurrentVersion\Explorer\Shell Folders$\
• API String ID: 846793889-2371276724
• Opcode ID: d77d8edebdf5d7138e72573bbf5c914790a1234c6a7042f551b9ceea9c34f7ac
• Instruction ID: 7e819d6c7fad4c3be6966f053a9d0f3ef23f91f33627878e8c4f75e928424671
• Opcode Fuzzy Hash: d77d8edebdf5d7138e72573bbf5c914790a1234c6a7042f551b9ceea9c34f7ac
• Instruction Fuzzy Hash: 351184B280031C9AEB30AB518C4DBDFB779AB80704F0445E9E62976193C7B81BC9CF95
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • 1001F200.CRTDLL(00000000,?), ref: 00402DE3
                                                                                                                                                                                                                                                                                                                            • 1001F200.CRTDLL(00000000), ref: 00402E04
                                                                                                                                                                                                                                                                                                                            • 1001F284.CRTDLL(00000000,?,00000003), ref: 00402E2F
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1374945102.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1374925262.0000000000400000.00000002.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1374964549.0000000000407000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1374994306.0000000000474000.00000040.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1375014749.0000000000476000.00000080.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1375033609.0000000000478000.00000008.00000001.01000000.00000003.sdmpDownload File
                                                                                                                                                                                                                                                                                                                            • Associated: 00000000.00000002.1375052510.0000000000479000.00000004.00000001.01000000.00000003.sdmpDownload File
Similarity
• API ID: 1001$F200$F284
• String ID: $[JG
• API String ID: 115559359-959137364
• Opcode ID: b70f47711542b54cba988c404015f4c87fc1533eb41b6277ef0bff049ad6453a
• Instruction ID: 3b8af29cb0cfe4db57d817593d7373748dedf92242b3a25f04056baa53a85c6b
• Opcode Fuzzy Hash: b70f47711542b54cba988c404015f4c87fc1533eb41b6277ef0bff049ad6453a
• Instruction Fuzzy Hash: 4B1160B5800249EBDF019B94D9057DE7B72EB40318F110066DD053F2D2C3B96B4AABC6
APIs
Similarity
• API ID: 1001CountTick$D340InitializeUninitialize
• String ID:
• API String ID: 170981537-0
• Opcode ID: fd852d2fd56ad130941a8ae4ac28a490556950804a47b623a90f708c34cde8c3
• Instruction ID: 26568e958bd4a6d25e6f21f5877bd6fb6a39dc953607e13f700d705e0055d867
• Opcode Fuzzy Hash: fd852d2fd56ad130941a8ae4ac28a490556950804a47b623a90f708c34cde8c3
• Instruction Fuzzy Hash: 7E11E37380424496E7106B55DC063AE3779AB82749F8400FEE408771C6D7FD3A898F9B
APIs
• CoInitialize.OLE32(00000000), ref: 0040312F
• GetTickCount.KERNEL32 ref: 0040313E
• 1001E6C4.CRTDLL(?,?,000003E8), ref: 00403190
• 1001D340.CRTDLL(?,?,00000FFF,?,?,000003E8), ref: 004031BF
• GetTickCount.KERNEL32 ref: 004031D0
• CoUninitialize.OLE32(?,?,?,?,?,000003E8), ref: 004031E9
Similarity
• API ID: 1001CountTick$D340InitializeUninitialize
• String ID:
• API String ID: 170981537-0
• Opcode ID: 2acea24ac0617f68411d4c36b089ecdfcf1466dfd1b061be7cb2c25f17eb10a6
• Instruction ID: 5c345564c67ee5be7f2f46c35482572b1835ee96a61d7fbdf998254a15d7a23c
• Opcode Fuzzy Hash: 2acea24ac0617f68411d4c36b089ecdfcf1466dfd1b061be7cb2c25f17eb10a6
• Instruction Fuzzy Hash: 3A11E37380424486E7206B65DC067AF366AAB8530AF4404FEF0087B1C2D7BC2A858E9B
APIs
• GetTickCount.KERNEL32 ref: 00401B88
• 1001E5C5.CRTDLL(?,%.8X%.8X,00000000,?,?,?,?,?,?,?,?,?,?,?,004017CA,?), ref: 00401BAD
• 1001F200.CRTDLL(?,?,?,?,?,?,?,?,?,?,?,?,?,?,?,004017CA), ref: 00401BB9
• 1001E5C5.CRTDLL(004017CA,----------%s,00000000,?,?,?,?,?,?,?,?), ref: 00401BD7
Strings
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: 1001$CountF200Tick
                                                                                                                                                                                                                                                                                                                            • String ID: %.8X%.8X$----------%s
                                                                                                                                                                                                                                                                                                                            • API String ID: 3352002681-1631260974
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • 10015765.CRTDLL(c:\tmpe.tmp,00474D86,?,?,?,004038F3,?), ref: 00403F8A
                                                                                                                                                                                                                                                                                                                            • 1001C06C.CRTDLL(?,%s,004038F3,004038F3,?), ref: 00403FA0
                                                                                                                                                                                                                                                                                                                            • 1001BD6D.CRTDLL(?,?,?,?,004038F3,?), ref: 00403FAB
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: 1001$10015765
                                                                                                                                                                                                                                                                                                                            • String ID: %s$c:\tmpe.tmp
                                                                                                                                                                                                                                                                                                                            • API String ID: 4055235427-4072601731
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: 1001$F200
                                                                                                                                                                                                                                                                                                                            • String ID: hlp
                                                                                                                                                                                                                                                                                                                            • API String ID: 1770347420-549983773
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • LoadIconA.USER32(00000000,00007F00), ref: 00404710
                                                                                                                                                                                                                                                                                                                            • LoadCursorA.USER32(00000000,00007F00), ref: 00404722
                                                                                                                                                                                                                                                                                                                            • GetStockObject.GDI32(00000000), ref: 0040472F
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: Load$CursorIconObjectStock
                                                                                                                                                                                                                                                                                                                            • String ID: JE@
                                                                                                                                                                                                                                                                                                                            • API String ID: 3711576554-2040409044
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • 10015765.CRTDLL(00407820,00474D86), ref: 00402C0C
                                                                                                                                                                                                                                                                                                                            • 1001C06C.CRTDLL(?,%s,?), ref: 00402C22
                                                                                                                                                                                                                                                                                                                            • 1001BD6D.CRTDLL(?), ref: 00402C2D
                                                                                                                                                                                                                                                                                                                            Strings
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1374945102.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1374925262.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1374964549.0000000000407000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1374994306.0000000000474000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1375014749.0000000000476000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1375033609.0000000000478000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1375052510.0000000000479000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_4ui8luUSNp.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: 1001$10015765
                                                                                                                                                                                                                                                                                                                            • String ID: %s
                                                                                                                                                                                                                                                                                                                            • API String ID: 4055235427-620797490
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 3603271048bf87f8e9cb3d7723c1328a5ec83af5b8a0ac1565be9ee3481bccc9
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 0a42463306d5522c39ef9a7c140a24115bfd7d8377342e39bda7d44fbd6ffd06
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 3603271048bf87f8e9cb3d7723c1328a5ec83af5b8a0ac1565be9ee3481bccc9
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: 8AE0E6B2D40104FACF107B52DD07D9E7A64D681754B248176FD05301A2E6755B209E5A
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • 10012226.CRTDLL(0000000B,00000000), ref: 0040114E
                                                                                                                                                                                                                                                                                                                            • 10012226.CRTDLL(00000008,00000000), ref: 00401168
                                                                                                                                                                                                                                                                                                                            • 10012226.CRTDLL(00000000), ref: 00401187
                                                                                                                                                                                                                                                                                                                            • 1001242C.CRTDLL ref: 00401195
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1374945102.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1374925262.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1374964549.0000000000407000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1374994306.0000000000474000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1375014749.0000000000476000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1375033609.0000000000478000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1375052510.0000000000479000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_4ui8luUSNp.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: 10012226$1001242
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 2107281119-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 583458a6845393a341e643697e8c2f5bc989cf30387a0ad0224e342915684ed6
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 4a81594681d66c589824d65a12c9b8e93df4319547ef2d200cffc92cb1cc33c0
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 583458a6845393a341e643697e8c2f5bc989cf30387a0ad0224e342915684ed6
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: C8310C71900204EBDB10DF18EC81B667B74FB08360F044576FE19AB3E1E738A964CBA4
                                                                                                                                                                                                                                                                                                                            APIs
                                                                                                                                                                                                                                                                                                                            • GetTickCount.KERNEL32 ref: 00402202
                                                                                                                                                                                                                                                                                                                            • TerminateThread.KERNEL32(00000000), ref: 0040224C
                                                                                                                                                                                                                                                                                                                            • closesocket.WSOCK32(00000000), ref: 0040227A
                                                                                                                                                                                                                                                                                                                            • closesocket.WSOCK32(00000000), ref: 004022A8
                                                                                                                                                                                                                                                                                                                            Memory Dump Source
                                                                                                                                                                                                                                                                                                                            • Source File: 00000000.00000002.1374945102.0000000000401000.00000080.00000001.01000000.00000003.sdmp, Offset: 00400000, based on PE: true
• Associated: 00000000.00000002.1374925262.0000000000400000.00000002.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1374964549.0000000000407000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1374994306.0000000000474000.00000040.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1375014749.0000000000476000.00000080.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1375033609.0000000000478000.00000008.00000001.01000000.00000003.sdmp
• Associated: 00000000.00000002.1375052510.0000000000479000.00000004.00000001.01000000.00000003.sdmp
                                                                                                                                                                                                                                                                                                                            Joe Sandbox IDA Plugin
                                                                                                                                                                                                                                                                                                                            • Snapshot File: hcaresult_0_2_400000_4ui8luUSNp.jbxd
                                                                                                                                                                                                                                                                                                                            Similarity
                                                                                                                                                                                                                                                                                                                            • API ID: closesocket$CountTerminateThreadTick
                                                                                                                                                                                                                                                                                                                            • String ID:
                                                                                                                                                                                                                                                                                                                            • API String ID: 564561751-0
                                                                                                                                                                                                                                                                                                                            • Opcode ID: 1f292f88eb347fb35c8a91462303bc074a1286dbc2053aa302834e3e9bfbf855
                                                                                                                                                                                                                                                                                                                            • Instruction ID: 9ea25df2fa8154756c13685066d749152263f9bba9160f52d63d8d6afbee50b6
                                                                                                                                                                                                                                                                                                                            • Opcode Fuzzy Hash: 1f292f88eb347fb35c8a91462303bc074a1286dbc2053aa302834e3e9bfbf855
                                                                                                                                                                                                                                                                                                                            • Instruction Fuzzy Hash: CB218D72401209EEDB04DB54DB0938DBBB6E781328F65417FC140371E6C7B96A45EE5C